Hello

I’m developing a data source plugin that must retrieve data from an external service via REST API. The external service uses the same SSO credentials as the users who are logged in to Grafana. I have configured Grafana’s Generic OAuth authentication to use our SSO and it works flawlessly.

However an attempt to read data from the external service using getBackendSrv().fetch() fails. Here is the corresponding information from the grafana log:

msg=Requesting url=https://<server>/<endpoint>
msg=“auth info retrieved from cache” cacheKey=authinfo-2–
msg=“Neither access nor id token have expired yet”
userId=2 orgId=1 uname=<user>@<domain> path=/api/datasources/proxy/uid/aeg7ojy45jgn4d/ remote_addr=XX.XX.XX.XX referer= t=2025-03-18T13:03:13.865833842Z level=info msg=“Authentication to data source failed” body=“\n\n401 Unauthorized\n\n

Unauthorized

\n

This server could not verify that you\nare authorized to access the document\nrequested. Either you supplied the wrong\ncredentials (e.g., bad password), or your\nbrowser doesn’t understand how to supply\nthe credentials required.

\n\n” statusCode=401

Here the <server> <endpoint> <user> and <domain> parameters are all correct and according to the logs it seems that auth token is successfully found in the cache. However it seems that the token is not added to the request headers, because I cannot see it in the browser developers console.

I have the Forward OAuth Identity option in the DataSourceHttpSettings settings of my plugin and activated the corresponding toggle, but this doesn’t help.

Am I doing something wrong?
I’m using Grafana 11.5.2
Thank you