Forward oauth identity not working with AWS API gateway

Grafana Authentication
1

  • What Grafana version and what operating system are you using?
    9.4.7

  • What are you trying to achieve?
    Using oauth to call the backend API

  • How are you trying to achieve it?
    I am using AWS Cognito for oauth. I am able to login via oauth.
    After login, I have configured JSON data source with forward oauth identity option enabled.
    I have configured the URL (AWS API gateway URL) in the data source which I can access using the ID Token from Postman.

  • What happened?
    On trying to Save the Data source settings, it says error getting data frame. 401 Unauthorized.
    If I Add custom Authorization header and manually pass the ID token (as bearer token) then it works.

Is there any addition configuration required that I am missing?

  • What did you expect to happen?
    It should have called the api url and return the json response.

  • Can you copy/paste the configuration(s) that you are having problems with?
    Let me know what additional details I have to provide. oauth setting are:
    #################################### Generic OAuth #######################
    [auth.generic_oauth]
    name = Cognito
    icon = signin
    enabled = true
    allow_sign_up = true

client_id = XXXXXXXXXXXXXX
client_secret = YYYYYYYYYYYYYYYYYYYY

scopes = email profile aws.cognito.signin.user.admin openid
empty_scopes = false
email_attribute_name = email:primary
email_attribute_path =
login_attribute_path =
name_attribute_path =
role_attribute_path =
role_attribute_strict = false
groups_attribute_path =
id_token_attribute_name =
team_ids_attribute_path =

auth_url = https://iotasmarthome.auth.ap-south-1.amazoncognito.com/oauth2/authorize
token_url = https://iotasmarthome.auth.ap-south-1.amazoncognito.com/oauth2/token
api_url = not able to put more than two links…

teams_url =
allowed_domains =
;team_ids =
allowed_organizations =
tls_skip_verify_insecure = false
tls_client_cert =
tls_client_key =
tls_client_ca =

updated to true

use_pkce = false

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    error getting data frame. 401 Unauthorized

  • Did you follow any online instructions? If so, what is the URL?
    Yes, I tried all instructions but it is not working