Get id_token from user authenticated with custom (AWS Cognito) oauth

I have successfully configured Grafana to authenticate using AWS Cogntio and now I’m trying to find how I can access the user’s idToken so that I can use it to call our ElasticSearch service from my custom plugin.

How do I get the idToken of the logged in user in my datasource.ts file?

Thanks for your help!

I guess that Cognito is only for Kibana authentication, but not for AWS ES. I would use Signature Version 4 authentication, which is already available: Elasticsearch | Grafana Labs

Thanks for your response, jangaraj.

I should mention that I am proxying the request to Elasticsearch via our api gateway.

So This question is really about getting the token in order to pass as a bearer token to our API gatway.

That makes more sense. I would check Forward OAuth Identity source code functionality (it is working with access token, so you may find also ID token there):

Are you able to point me to the source code for “Forward OAuth Identity”? I thought this was a plugin but I couldn’t find it in the plugin store. What is the screenshot you shared from?

Thanks so much for your help!

That’s not a specific plugin. It is a native datasource setting: Search · Forward OAuth Identity · GitHub