Github OAuth user organization fetch not working

  • What Grafana version and what operating system are you using?
    Containerized Grafana OSS 11.0.0 in Ubuntu 22.04 and running on ECS Fargate.

  • What are you trying to achieve?
    GitHub OAuth integration with GitHub organization filtering, and signing up the user via GitHub if they do not exist in Grafana.

  • How are you trying to achieve it?
    Following this documentation.

  • What happened?
    It seems like Grafana is not able to fetch the organizations of the authenticated user; according to the debug logs it got an empty list for it. If I set the allowed_organizations property to "" it works: a user is created via the GitHub authentication.

  • What did you expect to happen?
    Working properly when I set the allowed_organizations to a GitHub organization I'm in.

  • Can you copy/paste the configuration(s) that you are having problems with?
    My GitHub app is created under the exact organization I want to use and filter for, with the following permissions:

    • Organization permissions/Members: Read-only
    • Account permissions/Email addresses: Read-only

I'm using the following environment variables and secrets in the ECS container definition:

"environment": [
    {
        "name": "GF_DEFAULT_APP_MODE",
        "value": "production"
    },
    {
        "name": "GF_LOG_LEVEL",
        "value": "debug"
    },
    {
        "name": "GF_SERVER_DOMAIN",
        "value": "/"
    },
    {
        "name": "GF_AUTH_GITHUB_ALLOW_SIGN_UP",
        "value": "true"
    },
    {
        "name": "GF_AUTH_GITHUB_ALLOWED_ORGANIZATIONS",
        "value": "REDACTED-ORG"
    },
    {
        "name": "GF_AUTH_GITHUB_API_URL",
        "value": "https://api.github.com/user"
    },
    {
        "name": "GF_AUTH_GITHUB_AUTH_URL",
        "value": "https://github.com/login/oauth/authorize"
    },
    {
        "name": "GF_AUTH_GITHUB_ENABLED",
        "value": "true"
    },
    {
        "name": "GF_AUTH_GITHUB_SCOPES",
        "value": "user:email, read:org"
    },
    {
        "name": "GF_AUTH_GITHUB_TOKEN_URL",
        "value": "https://github.com/login/oauth/access_token"
    },
    {
        "name": "GF_AUTH_GITHUB_SKIP_ORG_ROLE_SYNC",
        "value": "true"
    },
    {
        "name": "GF_AUTH_GITHUB_ROLE_ATTRIBUTE_PATH",
        "value": "Viewer"
    },
    {
        "name": "GF_SERVER_ROOT_URL",
        "value": "https://${grafana_domain}"
    }
],
"secrets": [
    {
        "name": "GF_SECURITY_ADMIN_USER",
        "valueFrom": "${grafana_admin_user_ssm}"
    },
    {
        "name": "GF_SECURITY_ADMIN_PASSWORD",
        "valueFrom": "${grafana_admin_password_ssm}"
    },
    {
        "name": "GF_AUTH_GITHUB_CLIENT_ID",
        "valueFrom": "/grafana/${environment}/GF_AUTH_GITHUB_CLIENT_ID"
    },
    {
        "name": "GF_AUTH_GITHUB_CLIENT_SECRET",
        "valueFrom": "/grafana/${environment}/GF_AUTH_GITHUB_CLIENT_SECRET"
    }
]
  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

UI Error

Login failed
User is not a member of one of the required organizations. Please contact identity provider administrator.

Debug logs

2024-07-18T09:13:06.259Z [grafana] logger=oauth.github t=2024-07-18T09:13:06.259226954Z level=debug msg="HTTP GET" url="https://api.github.com/user/teams?per_page=100" status="200 OK" response_body=[]

2024-07-18T09:13:06.400Z [grafana] logger=oauth.github t=2024-07-18T09:13:06.400857628Z level=debug msg="HTTP GET" url="https://api.github.com/user/orgs?per_page=100" status="200 OK" response_body=[]

2024-07-18T09:13:06.401Z [grafana] logger=authn.service t=2024-07-18T09:13:06.400955396Z level=error msg="Failed to authenticate request" client=auth.client.github error="[auth.oauth.userinfo.error] failed to get user info: [auth.missing_organization] User is not a member of any of the allowed organizations: [REDACTED-ORG]"

My bad, I was trying to do it by creating a basic GitHub App.
With the OAuth Apps (Organization page, Settings, Developer settings on the bottom left, OAuth Apps) it works properly. For this setup you need to be an admin in the GitHub org.
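
A triage helper for the failure in this thread, added as an example (not part of the original post and not Grafana's code): it reads Grafana debug logs and separates logins where GitHub returned an empty organization list from logins where organizations were returned but none matched `allowed_organizations`. The sample log is constructed from the lines quoted above plus one invented login; the verdict names and the non-empty `response_body` format are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample. Lines 1-2 follow the debug output quoted in the post; lines 3-4
# are an invented login where the org lookup returned data (body format is assumed).
SAMPLE_LOG = r'''
logger=oauth.github t=2024-07-18T09:13:06.400857628Z level=debug msg="HTTP GET" url="https://api.github.com/user/orgs?per_page=100" status="200 OK" response_body=[]
logger=authn.service t=2024-07-18T09:13:06.400955396Z level=error msg="Failed to authenticate request" client=auth.client.github error="[auth.oauth.userinfo.error] failed to get user info: [auth.missing_organization] User is not a member of any of the allowed organizations: [REDACTED-ORG]"
logger=oauth.github t=2024-07-18T10:00:00.000000000Z level=debug msg="HTTP GET" url="https://api.github.com/user/orgs?per_page=100" status="200 OK" response_body="[{\"login\":\"example-org\"}]"
logger=authn.service t=2024-07-18T10:00:00.100000000Z level=error msg="Failed to authenticate request" client=auth.client.github error="[auth.oauth.userinfo.error] failed to get user info: [auth.missing_organization] User is not a member of any of the allowed organizations: [REDACTED-ORG]"
'''

# key=value pairs; a value is a double-quoted string (with \" escapes) or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_logfmt(line):
    """Return the key=value fields of one log line as a dict."""
    fields = {}
    for key, val in PAIR.findall(line):
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1].replace('\\"', '"')
        fields[key] = val
    return fields

def triage(log_text):
    """Classify each auth.missing_organization failure by the /user/orgs reply before it."""
    # Assumes one login at a time in the stream; interleaved logins would need a request id.
    findings, last_orgs_body = [], None
    for line in log_text.splitlines():
        f = parse_logfmt(line)
        if f.get("logger") == "oauth.github" and urlsplit(f.get("url", "")).path.endswith("/user/orgs"):
            last_orgs_body = f.get("response_body", "").strip()
        elif "auth.missing_organization" in f.get("error", ""):
            if last_orgs_body is None:
                verdict = "no_org_lookup_seen"     # debug logging off or lines missing
            elif last_orgs_body in ("", "[]"):
                verdict = "empty_org_list"         # token saw no orgs: check app type and scopes
            else:
                verdict = "org_not_in_allow_list"  # orgs were visible, none matched
            findings.append((f.get("t"), verdict))
            last_orgs_body = None
    return findings

if __name__ == "__main__":
    for when, verdict in triage(SAMPLE_LOG):
        print(when, verdict)
```

An `empty_org_list` verdict means membership was never actually compared, which is the case described in this thread; `org_not_in_allow_list` points at the `allowed_organizations` value instead.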