How does grafana appends the new token received from the OAuth2 url configured in proxy routes


I saw below configuration to enable OAuth2 configuration for plugin api authentication.

  "routes": [
      "path": "api",
      "url": "",
      "tokenAuth": {
        "url": "",
        "params": {
          "grant_type": "client_credentials",
          "client_id": "{{ .SecureJsonData.clientId }}",
          "client_secret": "{{ .SecureJsonData.clientSecret }}"

My auth url response will be like

{ token: "....." }

And i need to append two headers(token, appId) to my apis authenticated URLs, as shown below

X-Client-ID: <application-unique-id>
X-Token: <token-received-from-auth-url>

1 .How do I append the token received from the the auth url to my api requests?
2. Where is this token stored after auth is succeeded? How do I fetch it and append to other api calls.

Appreciate your replies!

If you configure tokenAuth for your route, Grafana will manage the tokens in the background for you. If you need custom authentication, you need to implement it yourself in a backend plugin.

For more information, check out the docs on how to Authenticate using a backend plugin.

Thanks alot Mr @marcusolsson, I appreciate it.

Is there any way to save my token from datasource.ts in to the configuration object, jsonData in ConfigEditor component?

Even if there was, I wouldn’t recommend it. jsonData is not intended for sensitive information (that’s what secureJsonData is for).

If you’re planning to publish your plugin, you should be aware that the team rejects any submission that stores secrets in jsonData.

Okay @marcusolsson, I really appreciate your reply.

Is there anyway to save my token into secureJsonData from my datasource.ts.

Thanks in advance!

Not that I know of. Probably since only administrators are allowed to configure data sources. For example, if the query editor could update the secure JSON data, they could potentially reconfigure the credentials of the data source from the dashboard.