Grafana JWT Authentication not working anymore after Update from Version 10 to 11

Grafana Authentication
1

EDIT: The breaking change happens between Grafana Version 10.1.10 and somewhere between 10.2.0 and 10.2.8

I also openend an issue on Github after creating this thread: Authentication/Login: Login Url Request with JWT Token does not set grafana_session cookies · Issue #90200 · grafana/grafana · GitHub

Just tested it on my docker environment.

I am running Grafana Version 11.1, before updating I was running Grafana 10. My application uses Grafana iframes to display charts. The login flow is the following:

  1. User logs into my web application
  2. Backend gives user a JWT
  3. Frontend automatically signs into Grafana with the JWT per URL request({grafana_url}/login/). An header is set(“X-JWT-Assertion”).
  4. User is now also logged into grafana, charts are viewable

  • What happened?
    After updating to Grafana 11 from version 10 the grafana login response no longer contains the “Set-Cookie” headers for “grafana_session” and “grafana_session_expiry”, so the users stays signed out. Even though the login request itself was successful. New users do also get created by logging in per URL and jwt token, so grafana accepts it. The only difference I saw between version 10 and 11 are the missing Set-Cookie headers.

  • Can you copy/paste the configuration(s) that you are having problems with?

[paths]
provisioning = /etc/grafana/provisioning

[server]
enable_gzip = true
serve_from_sub_path = true
protocol = http
http_port = 9000
domain = mydomain
root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana/

[rendering]
callback_url = http://grafana:9000/

[security]
allow_embedding = true

[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_role = Editor
default_theme = light

[log]
filters = rendering:debug

[auth]
disable_login_form = false

[auth.anonymous]
enabled = false
org_role = Viewer
org_name = Main Org.

[auth.proxy]
enabled = true
enable_login_token = true

[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
username_claim = sub
role_attribute_path = role
key_file = /key_set/rsa_pub.pem
auto_sign_up = true
1 Like
2

Does JWT work without iframe? What is in the debug logs?

3

JWT itself works, since new accounts get created in Grafana. It’s just that no Cookies get set, so the user is still not logged in after the request. And there are no errors in the logs, since everything was successful. The grafana login request just does not return the headers, if logged in through my angular web app and nginx reverse proxy.

4

The breaking change happens between Grafana Version 10.1.10 and somewhere between 10.2.0 and 10.2.8

Just tested it on my docker environment.

5

IMHO there is some problem/security on the browser level, which may block a cookie on the iframe. Check with browser console/configure:

  • Content Security Policy headers
  • Cookie samesite config
    -…

Login Grafana cookie in the iframe is a third party cookie from the browser perspective and browsers are limiting these types of cookies. Some browsers may log this blocking as a message in the browser console.

6

But all I do is change the grafana version, I switch nothing else in my environment. In Version 10.1.10 the cookies are returned and in version 1.2.8 they are not. So from my point of view there is something wrong with the new grafana versions, or am I wrong here?

7

Yes, you can be right, there can be some bug introduced (for example samesite config is not applied correctly anymore or billions other possible bugs), but you need to prove it - I gave you some tips what can be wrong

1 Like
8

Thank you already, for trying to help.

I also wanted to mention this, for the case that it is a bug in the grafana code. So the developers can take a look at that.

My angular development settings include this proxy config:

{
  "/api": {
    "target": "http://localhost:3000",
    "secure": false,
    "logLevel": "debug"
  },
  "/grafana": {
    "target": "http://localhost:9000",
    "secure": false,
    "logLevel": "debug"
  }
}

Version 10.2.8
Response headers on login:

HTTP/1.1 302 Found
Access-Control-Allow-Origin: *
cache-control: no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
location: /grafana/
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
date: Mon, 08 Jul 2024 15:47:16 GMT
content-length: 56
connection: close

Grafana Docker container log for login:

2024-07-08 17:48:42 logger=context userId=1 orgId=1 uname=admin t=2024-07-08T15:48:42.722665051Z level=info msg="Request Completed" method=GET path=/login/ status=302 remote_addr=192.168.89.1 time_ms=26 duration=26.609821ms size=32 referer=http://localhost/login handler=/login

Version 10.1.10
Response headers on login:

HTTP/1.1 302 Found
Access-Control-Allow-Origin: *
cache-control: no-store
content-encoding: gzip
content-type: text/html; charset=utf-8
location: /grafana/
set-cookie: grafana_session=e33f0cb0408215ef6c10c14cf0c7eb8c; Path=/grafana; Max-Age=2592000; HttpOnly; SameSite=Lax
set-cookie: grafana_session_expiry=1720454397; Path=/grafana; Max-Age=2592000; SameSite=Lax
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
date: Mon, 08 Jul 2024 15:50:02 GMT
content-length: 56
connection: close

Grafana docker container log on login:

2024-07-08 17:51:49 logger=http.server t=2024-07-08T15:51:49.522640404Z level=info msg="Successful Login" User=admin@localhost
2024-07-08 17:51:49 logger=context userId=1 orgId=1 uname=admin t=2024-07-08T15:51:49.523319181Z level=info msg="Request Completed" method=GET path=/login/ status=302 remote_addr=192.168.89.1 time_ms=41 duration=41.550136ms size=32 referer=http://localhost/login handler=/login
9

But this is not developer forum. I’m just random guy from the Internet with some (maybe) usefull hints.

I don’t see any debug logs.

10

Would it be better to post this as a github issue?

Here is the Version 10.2.8 debug log

2024-07-08 18:02:41 logger=auth.jwt t=2024-07-08T16:02:41.71100986Z level=debug msg="Parsing JSON Web Token"
2024-07-08 18:02:41 logger=auth.jwt t=2024-07-08T16:02:41.711075115Z level=debug msg="Trying to verify JSON Web Token using a key"
2024-07-08 18:02:41 logger=auth.jwt t=2024-07-08T16:02:41.71135383Z level=debug msg="Validating JSON Web Token claims"
2024-07-08 18:02:41 logger=user.sync t=2024-07-08T16:02:41.714659152Z level=debug msg="Updating auth connection for user" id=
2024-07-08 18:02:41 logger=login.authinfo.store t=2024-07-08T16:02:41.715601321Z level=debug msg="Updated user_auth" user_id=1 auth_id=admin auth_module=jwt rows=1
2024-07-08 18:02:41 logger=org.sync t=2024-07-08T16:02:41.729394299Z level=debug msg="Syncing organization roles" id=user:1 extOrgRoles=map[1:Admin]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.731662714Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=accesscontrol.service t=2024-07-08T16:02:41.731710476Z level=debug msg="Fetch permissions from store" key=rbac-permissions-1-user-1
2024-07-08 18:02:41 logger=accesscontrol.service t=2024-07-08T16:02:41.734034398Z level=debug msg="Cache permissions" key=rbac-permissions-1-user-1
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735837097Z level=debug msg=FeatureEnabled feature=dspermissions.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735958493Z level=debug msg=FeatureEnabled feature=accesscontrol enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735967318Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735971691Z level=debug msg=FeatureEnabled feature=admin enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735975483Z level=debug msg=FeatureEnabled feature=analytics enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.73597919Z level=debug msg=FeatureEnabled feature=analytics.writers enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735983011Z level=debug msg=FeatureEnabled feature=auditing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735986747Z level=debug msg=FeatureEnabled feature=caching enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735990361Z level=debug msg=FeatureEnabled feature=caching.api enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735994989Z level=debug msg=FeatureEnabled feature=caching.queries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.735998754Z level=debug msg=FeatureEnabled feature=caching.resources enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736002428Z level=debug msg=FeatureEnabled feature=config.vault enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736006094Z level=debug msg=FeatureEnabled feature=dspermissions enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736015001Z level=debug msg=FeatureEnabled feature=dspermissions.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736019001Z level=debug msg=FeatureEnabled feature=encryption.aesgcm enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736022527Z level=debug msg=FeatureEnabled feature=enterprise.plugins enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.73602631Z level=debug msg=FeatureEnabled feature=grafanacloud enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736030011Z level=debug msg=FeatureEnabled feature=kms.encryption enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736034724Z level=debug msg=FeatureEnabled feature=ldapdebug enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736038423Z level=debug msg=FeatureEnabled feature=ldapsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736041998Z level=debug msg=FeatureEnabled feature=publicDashboardsEmailSharing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736045741Z level=debug msg=FeatureEnabled feature=provisioning enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736050086Z level=debug msg=FeatureEnabled feature=recordedqueries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.73605385Z level=debug msg=FeatureEnabled feature=reports enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736057512Z level=debug msg=FeatureEnabled feature=reports.creation enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736061102Z level=debug msg=FeatureEnabled feature=reports.email enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736064602Z level=debug msg=FeatureEnabled feature=reports.pdf enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736068041Z level=debug msg=FeatureEnabled feature=saml enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736071831Z level=debug msg=FeatureEnabled feature=teamsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.73607578Z level=debug msg=FeatureEnabled feature=teamgroupsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.73607942Z level=debug msg=FeatureEnabled feature=userlimits enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736083268Z level=debug msg=FeatureEnabled feature=whitelabeling enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.736827632Z level=debug msg=FeatureEnabled feature=saml enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=accesscontrol.evaluator t=2024-07-08T16:02:41.737133762Z level=debug msg="Matched scope" userscope=settings:* targetscope=settings:*
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.737166492Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=accesscontrol.service t=2024-07-08T16:02:41.737178055Z level=debug msg="Fetch permissions from store" key=rbac-permissions-0-user-1
2024-07-08 18:02:41 logger=accesscontrol.service t=2024-07-08T16:02:41.738617246Z level=debug msg="Cache permissions" key=rbac-permissions-0-user-1
2024-07-08 18:02:41 logger=accesscontrol.evaluator t=2024-07-08T16:02:41.738711806Z level=debug msg="Matched scope" userscope=settings:* targetscope=settings:*
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743447468Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=accesscontrol.service t=2024-07-08T16:02:41.743487203Z level=debug msg="Using cached permissions" key=rbac-permissions-1-user-1
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743552631Z level=debug msg=FeatureEnabled feature=reports enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743582235Z level=debug msg=FeatureEnabled feature=accesscontrol enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743587971Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743592121Z level=debug msg=FeatureEnabled feature=admin enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743596614Z level=debug msg=FeatureEnabled feature=analytics enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743600564Z level=debug msg=FeatureEnabled feature=analytics.writers enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743628427Z level=debug msg=FeatureEnabled feature=auditing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743634327Z level=debug msg=FeatureEnabled feature=caching enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.74363899Z level=debug msg=FeatureEnabled feature=caching.api enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743643722Z level=debug msg=FeatureEnabled feature=caching.queries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743654274Z level=debug msg=FeatureEnabled feature=caching.resources enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743658621Z level=debug msg=FeatureEnabled feature=config.vault enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743662232Z level=debug msg=FeatureEnabled feature=dspermissions enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743665914Z level=debug msg=FeatureEnabled feature=dspermissions.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743675236Z level=debug msg=FeatureEnabled feature=encryption.aesgcm enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743697314Z level=debug msg=FeatureEnabled feature=enterprise.plugins enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743707883Z level=debug msg=FeatureEnabled feature=grafanacloud enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743715284Z level=debug msg=FeatureEnabled feature=kms.encryption enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743742562Z level=debug msg=FeatureEnabled feature=ldapdebug enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.74374868Z level=debug msg=FeatureEnabled feature=ldapsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743753733Z level=debug msg=FeatureEnabled feature=publicDashboardsEmailSharing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743758256Z level=debug msg=FeatureEnabled feature=provisioning enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743764181Z level=debug msg=FeatureEnabled feature=recordedqueries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743773721Z level=debug msg=FeatureEnabled feature=reports enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743779873Z level=debug msg=FeatureEnabled feature=reports.creation enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743783829Z level=debug msg=FeatureEnabled feature=reports.email enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.74378771Z level=debug msg=FeatureEnabled feature=reports.pdf enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743834662Z level=debug msg=FeatureEnabled feature=saml enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743861764Z level=debug msg=FeatureEnabled feature=teamsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743869884Z level=debug msg=FeatureEnabled feature=teamgroupsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743875391Z level=debug msg=FeatureEnabled feature=userlimits enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743929394Z level=debug msg=FeatureEnabled feature=whitelabeling enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743951501Z level=debug msg=FeatureEnabled feature=whitelabeling enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=token t=2024-07-08T16:02:41.743973691Z level=debug msg=FeatureEnabled feature=grafanacloud enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:41 logger=context userId=1 orgId=1 uname=admin t=2024-07-08T16:02:41.744383705Z level=info msg="Request Completed" method=GET path=/login/ status=302 remote_addr=192.168.89.1 time_ms=33 duration=33.520724ms size=32 referer=http://localhost/login handler=/login
2024-07-08 18:02:42 logger=auth.jwt t=2024-07-08T16:02:42.227043208Z level=debug msg="Parsing JSON Web Token"
2024-07-08 18:02:42 logger=auth.jwt t=2024-07-08T16:02:42.227202301Z level=debug msg="Trying to verify JSON Web Token using a key"
2024-07-08 18:02:42 logger=auth.jwt t=2024-07-08T16:02:42.227734701Z level=debug msg="Validating JSON Web Token claims"
2024-07-08 18:02:42 logger=user.sync t=2024-07-08T16:02:42.23183233Z level=debug msg="Updating auth connection for user" id=
2024-07-08 18:02:42 logger=login.authinfo.store t=2024-07-08T16:02:42.232810526Z level=debug msg="Updated user_auth" user_id=1 auth_id=admin auth_module=jwt rows=1
2024-07-08 18:02:42 logger=org.sync t=2024-07-08T16:02:42.23961723Z level=debug msg="Syncing organization roles" id=user:1 extOrgRoles=map[1:Admin]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.242702038Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=accesscontrol.service t=2024-07-08T16:02:42.242761965Z level=debug msg="Using cached permissions" key=rbac-permissions-1-user-1
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244410968Z level=debug msg=FeatureEnabled feature=dspermissions.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244553005Z level=debug msg=FeatureEnabled feature=accesscontrol enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244587007Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244595899Z level=debug msg=FeatureEnabled feature=admin enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24460142Z level=debug msg=FeatureEnabled feature=analytics enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244607107Z level=debug msg=FeatureEnabled feature=analytics.writers enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244612651Z level=debug msg=FeatureEnabled feature=auditing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244620444Z level=debug msg=FeatureEnabled feature=caching enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244626063Z level=debug msg=FeatureEnabled feature=caching.api enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244632065Z level=debug msg=FeatureEnabled feature=caching.queries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244637364Z level=debug msg=FeatureEnabled feature=caching.resources enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244644704Z level=debug msg=FeatureEnabled feature=config.vault enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244650998Z level=debug msg=FeatureEnabled feature=dspermissions enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24465824Z level=debug msg=FeatureEnabled feature=dspermissions.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244665207Z level=debug msg=FeatureEnabled feature=encryption.aesgcm enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244670707Z level=debug msg=FeatureEnabled feature=enterprise.plugins enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24467657Z level=debug msg=FeatureEnabled feature=grafanacloud enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244685902Z level=debug msg=FeatureEnabled feature=kms.encryption enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244693209Z level=debug msg=FeatureEnabled feature=ldapdebug enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24469925Z level=debug msg=FeatureEnabled feature=ldapsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244704897Z level=debug msg=FeatureEnabled feature=publicDashboardsEmailSharing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244710847Z level=debug msg=FeatureEnabled feature=provisioning enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244716399Z level=debug msg=FeatureEnabled feature=recordedqueries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24474257Z level=debug msg=FeatureEnabled feature=reports enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244750684Z level=debug msg=FeatureEnabled feature=reports.creation enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244772329Z level=debug msg=FeatureEnabled feature=reports.email enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244779666Z level=debug msg=FeatureEnabled feature=reports.pdf enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244787039Z level=debug msg=FeatureEnabled feature=saml enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244792815Z level=debug msg=FeatureEnabled feature=teamsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244798156Z level=debug msg=FeatureEnabled feature=teamgroupsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244803019Z level=debug msg=FeatureEnabled feature=userlimits enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.244808266Z level=debug msg=FeatureEnabled feature=whitelabeling enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.245992464Z level=debug msg=FeatureEnabled feature=saml enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=accesscontrol.evaluator t=2024-07-08T16:02:42.246440984Z level=debug msg="Matched scope" userscope=settings:* targetscope=settings:*
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.246490016Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=accesscontrol.service t=2024-07-08T16:02:42.246511676Z level=debug msg="Using cached permissions" key=rbac-permissions-0-user-1
2024-07-08 18:02:42 logger=accesscontrol.evaluator t=2024-07-08T16:02:42.24661663Z level=debug msg="Matched scope" userscope=settings:* targetscope=settings:*
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248298812Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=accesscontrol.service t=2024-07-08T16:02:42.248352195Z level=debug msg="Using cached permissions" key=rbac-permissions-1-user-1
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248412399Z level=debug msg=FeatureEnabled feature=reports enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24842641Z level=debug msg=FeatureEnabled feature=accesscontrol enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248453551Z level=debug msg=FeatureEnabled feature=accesscontrol.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248463675Z level=debug msg=FeatureEnabled feature=admin enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248470166Z level=debug msg=FeatureEnabled feature=analytics enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248475684Z level=debug msg=FeatureEnabled feature=analytics.writers enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248483703Z level=debug msg=FeatureEnabled feature=auditing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248491507Z level=debug msg=FeatureEnabled feature=caching enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248498343Z level=debug msg=FeatureEnabled feature=caching.api enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248504665Z level=debug msg=FeatureEnabled feature=caching.queries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248509939Z level=debug msg=FeatureEnabled feature=caching.resources enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248515434Z level=debug msg=FeatureEnabled feature=config.vault enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248521484Z level=debug msg=FeatureEnabled feature=dspermissions enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248527232Z level=debug msg=FeatureEnabled feature=dspermissions.enforcement enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248552966Z level=debug msg=FeatureEnabled feature=encryption.aesgcm enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248582424Z level=debug msg=FeatureEnabled feature=enterprise.plugins enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248591059Z level=debug msg=FeatureEnabled feature=grafanacloud enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248611669Z level=debug msg=FeatureEnabled feature=kms.encryption enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248620879Z level=debug msg=FeatureEnabled feature=ldapdebug enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248627084Z level=debug msg=FeatureEnabled feature=ldapsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248632476Z level=debug msg=FeatureEnabled feature=publicDashboardsEmailSharing enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24863972Z level=debug msg=FeatureEnabled feature=provisioning enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248645517Z level=debug msg=FeatureEnabled feature=recordedqueries enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248650488Z level=debug msg=FeatureEnabled feature=reports enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248659641Z level=debug msg=FeatureEnabled feature=reports.creation enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248667364Z level=debug msg=FeatureEnabled feature=reports.email enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248674023Z level=debug msg=FeatureEnabled feature=reports.pdf enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.24867996Z level=debug msg=FeatureEnabled feature=saml enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248706888Z level=debug msg=FeatureEnabled feature=teamsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248715142Z level=debug msg=FeatureEnabled feature=teamgroupsync enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248722762Z level=debug msg=FeatureEnabled feature=userlimits enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248729427Z level=debug msg=FeatureEnabled feature=whitelabeling enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248761631Z level=debug msg=FeatureEnabled feature=whitelabeling enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
2024-07-08 18:02:42 logger=token t=2024-07-08T16:02:42.248788221Z level=debug msg=FeatureEnabled feature=grafanacloud enabled=false licenseStatus=NotFound hasLicense=false hasValidLicense=false products=[]
11

Probably yes, but first check existing issues, maybe it’s already reported/fixed.

The best way is to contact your Grafana support (if you paid for one) - they can debug/verify/raise/fix issue.

12

It will be nice if you keep reference: Authentication/Login: Login Url Request with JWT Token does not set grafana_session cookies · Issue #90200 · grafana/grafana · GitHub

1 Like