Grafana Google Oauth Issues behind proxy

mundyb · April 18, 2018, 3:35pm

Hello,

I have a Grafana server running behind a reverse proxy. Everything works without issue, except Oauth with Google where I receive a 404 not found error. Once again, everything works without issue. I can log in with local accounts and perform all tasks. When I click the login with Google button is when I get the message. Has anyone else experienced this?

torkel · April 18, 2018, 5:43pm

make sure your grafana ini root_url setting is the full root url you use in your browser to access grafana (the reverse proxy url )

mundyb · April 18, 2018, 5:55pm

Yes, the root_url is set. Keep in mind, everything works perfect except for the Google Login

dcech · April 18, 2018, 5:58pm

What is the url it’s redirecting you back to that’s throwing the 404? It should be https://<grafana.yourcompany.com>/login/google

mundyb · April 18, 2018, 6:05pm

Yes, that is what the log is showing

0400 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=65.60.173.246:53545 time_ms=0 size=29 referer=
t=2018-04-18T14:03:53-0400 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/google status=302 remote_addr=65.60.173.246:53545 time_ms=0 size=447 referer=https://grafana.westerville.org/login
t=2018-04-18T14:03:53-0400 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/o/oauth2/auth status=404 remote_addr=65.60.173.246:53545 time_ms=1 size=10671 referer=https://grafana.westerville.org/login

dcech · April 18, 2018, 6:13pm

Where is the /o/oauth2/auth path coming from? Is that in your Grafana config somewhere?

mundyb · April 18, 2018, 6:17pm

Yes, in my grafana.ini file I have the following lines under the [auth.google] section

auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token

dcech · April 18, 2018, 6:38pm

Hmm, I wonder whether your proxy is rewriting the redirect improperly, so Grafana returns a header like Redirect: https://accounts.google.com/o/oauth2/auth?<params> and the proxy is rewriting it to Redirect: https://grafana.westerville.org/o/oauth2/auth?<params> which the browser then follows resulting in the 404.

mundyb · April 19, 2018, 12:24am

Yeah, if I manually change the path to accounts.google.com it works. Now, I just have to figure out how to make IIS rewrite work. Maybe it ONLY works if you use a subpath.

mundyb · April 20, 2018, 8:20pm

The link below had the information that I needed to get this working properly. Just closing the loop for the next person.