Grafana with Google IAP (broken after 9.2)

I am following this tutorial to set up grafana with google’s identity aware proxy in the front. basically this is the configuration setting for authentication:

    enabled: true
    header_name: "X-Goog-Iap-Jwt-Assertion"
    username_claim: "email"
    email_claim: "email"
    jwk_set_url: ""
    expect_claims: '{"iss": ""}'
    enabled: true
    header_name: "X-Goog-Authenticated-User-Email"
    header_property: "email"
    auto_sign_up: true

Grafana 9.1 works, but 9.2 breaks and i get a 401 response:

"message": "User not found",
"traceID": "xxxxx"


logger=auth.jwt t=2022-11-15T12:34:55.890692482Z level=debug msg="Validating JSON Web Token claims"
logger=context traceID=xxxxx t=2022-11-15T12:34:55.893164432Z level=debug msg="Failed to find user using JWT claims"
logger=context traceID=xxxxx t=2022-11-15T12:34:55.893193138Z level=error msg="User not found" error="invalid username or password" traceID=xxxxx

Not sure what broke between the two versions. If someone has an idea what needs to be changed, that would be much appreciated.

1 Like

Stumbled upon the same issue. Are you certain it is an issue with the version?

@zall yes, version 9.1.8 works for me.