Grafana JWT Authentication jwk_set_url Clarification

Grafana Authentication
1

We are Using Grafana Version 11.2.0 in our kubernetes environment.
We are trying to login Grafana application using JWT token from another internal application. For signature verification we are trying to use the jwk_set_url.
Two clarifications.

  1. Can this URL jwk_set_url be http instead of https. Because we are trying to access through internal services since our auth services also runs locally it doesn’t need to go through load balancer…
  2. Even with https jwk_set_url https://authprovider.com/.well-known/jwks grafana doesn’t make a call to call to get public key to verify JWT token. Does grafana make a call to jwk_set_url to get the public signing key?
2

1.) I would say just try and check (or check it there is any protocol limitation mentioned)
2.) How do you know that? It can be lazy implementation, e.g. it is not loaded until it is needed.

3

Hello @jangaraj ,

  1. I tested with http and got this error message from grafana startup log. “Error: ✗ jwt_set_url must have https scheme”. Is there any flag we can skip this and pass through with http?
  2. I tested by bring down my auth severice who issued the JWT token. Started grafana again to make sure it doesn’t have anything in cache and i was able to login the jwt token issued by Auth service. No calls made by grafana with jwt_set_url to get the singing key
4

1.) Check the source code/doc for your version.

2.)

Prove it please. You didn’t provide any reproducible example and debug logs to confirm that Grafana authenticated you by JWT token. I can guess: some another authN method authenticated you, not JWT token.