Grafana SSO [auth.generic_oauth] Login Failed Login provider didn't return an email address


i want to put sso in grafana with auth.generic_oauth, i put all information in grafana.ini :slight_smile:

enabled = true
name = xxxxxxxx
allow_sign_up = true
client_id = xxxxxxxxxx
client_secret = xxxxxxxxxxxxx
email_attribute_name = email:primary
scopes = mail
send_client_credentials_via_post = false
tls_skip_verify_insecure = false
auth_url = https://xxxx/openam/oauth2/authorize?realm=AccessManagement&service=simple
token_url = https://xxxx/openam/oauth2/access_token?realm=AccessManagement&service=simple
api_url = https://xxxx/openam/oauth2/tokeninfo?realm=AccessManagement&service=simple

i have this message in /var/log/grafana.log

> t=2019-09-13T11:33:43+0200 lvl=info msg="state check" logger=oauth queryState=d538205dcb597bec9d88dfb50fb9eb13fe1641146b0555e92f7f11780741cf03 cookieState=d538205dcb597bec9d88dfb50fb9eb13fe1641146b0555e92f7f11780741cf03
> t=2019-09-13T11:33:43+0200 lvl=eror msg="Login provider didn't return an email address" logger=context userId=0 orgId=5 uname=
> t=2019-09-13T11:33:43+0200 lvl=info msg="Request Completed" logger=context userId=0 orgId=5 uname= method=GET path=/login/generic_oauth status=302 remote_addr= time_ms=319 size=29 referer=

do you have an idea ? , thanks

What Grafana version? Seems like an attribute email:primary is not returned in payload so you may have to change that to an attribute thatโ€™s returned. You can enable debug logging to get more information:

filters = oauth.generic_oauth:debug