Generic OAuth config not in grafana.ini file

Grafana Authentication
1

Hello all,

I recently configured my grafana instance to use Authentik for login in securely. This worked perfectly until I noticed that my oauth user lost all permissions.

I configured this Generic OAuth via the web GUI and when I tried to disable this configuration from the grafana.ini file, I did not find it anywhere. I am stuck here because I can’t get the regular login form to show, because I also configured it so it auto logins to Authentik without prompting for the “Authentik” button.

Here is the config in grafana.ini (empty):

#################################### Generic OAuth ##########################
[auth.generic_oauth]
;enabled = false
;name = OAuth
;allow_sign_up = true
;auto_login = false
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;empty_scopes = false
;email_attribute_name = email:primary
;email_attribute_path =
;login_attribute_path =
;name_attribute_path =
;id_token_attribute_name =
;auth_url = https://foo.bar/login/oauth/authorize
;token_url = https://foo.bar/login/oauth/access_token
;api_url = https://foo.bar/user
;teams_url =
;allowed_domains =
;team_ids =
;allowed_organizations =
;role_attribute_path =
;role_attribute_strict = false
;groups_attribute_path =
;team_ids_attribute_path =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
;use_pkce = false
;auth_style =
;allow_assign_grafana_admin = false

I am running grafana on Docker and yes the ini file is correctly used and there are other configurations in the file.

Where is the OAuth I configured ? How can I get the login form back ?

2

+ you can’t mix UI/file configs. If ouath was enabled via UI, then it must be disabled in UI as well.

3

Thanks for the answer. But here is the problem with this. I configured it in the UI, but now, i can’t access the UI anymore because my oauth account doesn’t have the permissions anymore. I can only edit from the command line (grafana.ini, grafana cli etc).

edit: Just saw the link, ill try that thanks.

4

Thanks a lot, I managed to login using this option in the url. I then disabled the oauth config in the GUI and I enabled it back in the grafana.ini. Also fixed my permission issues with this conf in grafana.ini in generic oauth.

...
allow_assign_grafana_admin = true
role_attribute_path = contains(groups, 'authentik Admins') && 'GrafanaAdmin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
5