Having difficulty using Azure AD as login

Hello. I am having some issues while trying to setup Grafana to use Azure AD [OAuth2] to log into Grafana. My azure AD config setup is:

[auth.generic_oauth]
name = Azure AD
enabled = true
allow_sign_up = true
client_id = [clientId]
client_secret = [secret]
scopes = openid email name
tls_skip_verify_insecure = true
auth_url = https://login.microsoftonline.com/[Id]/oauth2/authorize
token_url = https://login.microsoftonline.com/[Id]/oauth2/token
api_url =
team_ids =
allowed_organizations =

And when I use this, I end up with:

Server side error :frowning:
login.OAuthLogin(get info from generic_oauth)

Error getting user info: {
“error”: “Invalid Api Key”,
“message”: “Invalid API key”
}

So, I looked for the API KEY entry in the config file and I could not find any entry for entering this key. But I cannot find anything. And well, has anyone faced this before? Am I missing something?

http://docs.grafana.org/installation/configuration/#set-up-oauth2-with-azure-active-directory

These are the very instructions I followed. And I added the disable tls verification flag because I do not have a public certificate. And I end up with the issue I mentioned

Your config above doesn’t have anything shown for client_id or client_secret, or the directory Id in the urls. Is that because you removed it before posting? If so noting that would be helpful :wink: It sounds like you may be running an older version of Grafana that doesn’t support the JWT token format, what version of Grafana are you using?

Dang it. I just noticed. If you put anything in angular brackets, it gets eliminated. but yes, I removed those parts before posting the config information here.Thanks for pointing it out! I will make edits accordingly! And I am using version 4.6. Does 4.6 have issues with this?

You’ll need to upgrade to Grafana 5

I will do just that. Thanks!

It worked! thanks a lot!

1 Like

I am having a similiar issue, I am getting AADSTS90013: Invalid input received from the user. when I try to access the Azure AD Login Page. Any idea where to start?