Grafana with Google IAP (broken after 9.2)

I am following this tutorial to set up Grafana with Google’s Identity-Aware Proxy in front. Basically, this is the configuration setting for authentication:

  auth.jwt:
    enabled: true
    header_name: "X-Goog-Iap-Jwt-Assertion"
    username_claim: "email"
    email_claim: "email"
    jwk_set_url: "https://www.gstatic.com/iap/verify/public_key-jwk"
    expect_claims: '{"iss": "https://cloud.google.com/iap"}'
  auth.proxy:
    enabled: true
    header_name: "X-Goog-Authenticated-User-Email"
    header_property: "email"
    auto_sign_up: true

Grafana 9.1 works, but 9.2 breaks and I get a 401 response:

{
"message": "User not found",
"traceID": "xxxxx"
}

Logs:

logger=auth.jwt t=2022-11-15T12:34:55.890692482Z level=debug msg="Validating JSON Web Token claims"
logger=context traceID=xxxxx t=2022-11-15T12:34:55.893164432Z level=debug msg="Failed to find user using JWT claims" email_claim=user@example.com username_claim=user@example.com
logger=context traceID=xxxxx t=2022-11-15T12:34:55.893193138Z level=error msg="User not found" error="invalid username or password" traceID=xxxxx

Not sure what broke between the two versions. If someone has an idea what needs to be changed, that would be much appreciated.


Stumbled upon the same issue. Are you certain it is an issue with the version?

@zall yes, version 9.1.8 works for me.