How to login to admin while oauth_auto_login is enalbed

Title said it all, here’s my config:

root_url = https://server_name:3000/
protocol = https
cert_file = fullchain.pem
cert_key = privkey.pem
enable_gzip = true

[security]
allow_embedding = true
admin_user = hm

[auth]
oauth_auto_login = true

[auth.generic_oauth]
enabled = true
allow_sign_up = true
name = Grafana
client_id = client_id
client_secret = client_secret
scopes = identity
auth_url = https://authorize_url
token_url = https://token_url
api_url = https:/user_url

As you can see, i tried to set the admin user to my oauth username without success.

Anyone had similar use-case, How would you solve this ?

You need to use role mapping https://grafana.com/docs/grafana/latest/auth/generic-oauth/#role-mapping - map Admin role to your OAuth user.

2 Likes

Thanks for your response.

Is there any way to keep the username admin ? or any non oauth user ?

Sure, nobody is stopping you to have local users (e.g. admin) and oauth users at the same time. But then I don’t understand why you are trying oauth immediately ( oauth_auto_login = true) -> users are not able to get access to local user login form.

Users don’t have Grafana accounts, they have access to Grafana if they have to our app (where Grafana is embedded), the auto_login behavior is very important to us. But we still want to be able to login to the admin using the login form.

Is that possible ?

1 Like

Where should I put that Payload ? in the .ini file ? Is there any complete example on how to use role mapping ?

In case anyone else stumbles across this, this is possible in the later versions of Grafana

grafana.example.com/login?disableAutoLogin

See OAuth: Able to skip auto login by alexanderzobnin · Pull Request #28357 · grafana/grafana · GitHub

4 Likes

you can set both admin username and email, using admin_email