Generic OAuth Not Allowing for Implicit Grant Type

Grafana Authentication
1

In the Grafana.ini file I am explicitly setting response_type = token, but when go to Grana login page and click “Sign in with OAuth,” Redirect fails because Request URL gets the response_type changes to “code” insteand of “token”

Is there something going on behind the scene for Grafana’s application code that prevents using Implicit Grant Types? Or are we only able to use Authorization Code grant types?

Request URL:

https://cloudsso-test.cisco.com/as/authorization.oauth2?access_type=online&client_id=Impact-Grafana-Dev&redirect_uri=https%3A%2F%2{MY-GRAFANA-DNS-URL}%3A3000%2Flogin%2Fgeneric_oauth&response_type=code&scope=openid+profile&state=0n35xVuPMQKtUKjRAr_Y5pJAVWBhC0mXc41MQY0pxgY%3D

2

Yes, Grafana backend needs token, so implicit flow isn’t right flow for authentication.

5

Doc Configure generic OAuth2 authentication | Grafana documentation :

You may have to set the root_url option of [server] for the callback URL to be correct.

6

Ok I switched grant type to: Autorization Code with a Refresh Token, and after changing the root_url to the DNS that points to the instances running Grafana, I get this server error to check logs:

login.OAuthLogin(get info from generic_oauth)

Check the Grafana server logs for the detailed error message.

Even when I set the log directory in the grafana.ini file, no logs are printed to it, nor is a log directory created by Grafana.

Is there a default log path that Grafana creates for errors such as these or should there be log generated in the path I set in the .ini file?

Thanks for your help in advance.

7

Yup I set the root_url to DNS that points to Grafana…but I’m getting 500 Internal Server errors and it says to check the logs; however nothing is being printed to the log files in path /var/log/grafana

8

Found the logs within the Docker container, why would the Api Key be invalid when we are working with ClientId and ClientSecret?

lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.128.116.167 time_ms=0 size=335 referer=https://grafana-dev.pri.services-exchange.com:3000/login

lvl=eror msg=“Invalid API key” logger=context error=“Invalid Api Key”

lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=401 remote_addr=172.17.0.1 time_ms=0 size=29 referer=

lvl=eror msg=“login.OAuthLogin(get info from generic_oauth)” logger=context userId=0 orgId=0 uname= error=“Error getting user info: {“message”:“Invalid API key”}”

lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.128.116.167 time_ms=754 size=1731 referer=https://grafana-dev.pri.services-exchange.com:3000/login