Grafana JWT token redirection is not woriking

We are planning to configure the Grafana in such a way that our application user will be able to access the Grafana dashboards using JWT token generated from our application.

We have configured JWT settings in grafana.ini config file and created a users in Grafana and provided the respective view permissions to the dashboard. Now when the user is logged into Grafana will be redirected to dashboard page. From browser we have tested this and we are able to redirect to dashboard page. The following is the JWT configuration.

enabled = true
header_name = X-JWT-Assertion
email_claim = nameid
username_claim = nameid
jwk_set_file = /var/lib/grafana/jwks.json
cache_ttl = 60m
expect_claims = {"iss": "https://<identity-server-url>.com/oauth2/token"}

To test the JWT token configuration we have generated a JWT token from our application and tested from postman. Authentication worked and we have received the below response with redirect uri.

API Call:
curl -H “X-JWT-Assertion: ” https://<grafana_url/api/dashboards/home

    "redirectUri": "/d/mcn9vedWp/onblicktrackergoogleinc"

We have copied this url and appended to Grafana hostname. Then tried accessing it from browser it is redirecting to login page. As per our expectation it should be redirected to user home(dashboard).

We have implemented the same thing in our application using iframe. Here also we are getting the redirect url and when we try to access it by appending this to hostname we are getting login page.

In application if we tried to pass the JWT token along with redirect url we are getting Loading Grafana html response, but the dashboard Or Home page is not coming.

appended url: https://grafana_url/d/mcn9vedWp/onblicktrackergoogleinc

Can anyone help me on this.

You have wrong expectations from JWT auth. You will add header X-JWT-Assertion to the dashboard URL → Grafana returns html → browser renders that html, but this html contains resource (JS, CSS, API calls), which didn’t have X-JWT-Assertion header, so these requests will be rejected by Grafana.