I want to enable JWT token in grafana ,so that i don't want to give send username and password to client..When i am trying this it is showing failed to start

when i am enabling in grafana.ini services it is coming in log file
please assist anyone

logger=context t=2023-08-11T15:52:58.01320217+05:30 level=warn msg=“invalid API key” error=“invalid API key” traceID=
logger=context userId=0 orgId=0 uname= t=2023-08-11T15:52:58.013467352+05:30 level=info msg=“Request Completed” method=POST path=/api/auth/keys status=401 remote_addr=[::1] time_ms=0 duration=321.754µs size=43 referer=
logger=context userId=1 orgId=1 uname=admin t=2023-08-11T15:54:28.222579996+05:30 level=info msg=“Request Completed” method=GET path=/api/live/ws status=-1 remote_addr= time_ms=10 duration=10.934407ms size=0 referer= handler=/api/live/ws
logger=context userId=1 orgId=1 uname=admin t=2023-08-11T15:55:16.872764342+05:30 level=info msg=“Request Completed” method=GET path=/api/live/ws status=-1 remote_addr= time_ms=4 duration=4.924194ms size=0 referer= handler=/api/live/ws
logger=cleanup t=2023-08-11T16:01:52.472277698+05:30 level=info msg=“Completed cleanup jobs” duration=13.981014ms
logger=grafana.update.checker t=2023-08-11T16:01:52.780481126+05:30 level=info msg=“Update check succeeded” duration=89.933004ms
logger=plugins.update.checker t=2023-08-11T16:01:53.583038533+05:30 level=info msg=“Update check succeeded” duration=651.307308ms
logger=cleanup t=2023-08-11T16:11:52.471210333+05:30 level=info msg=“Completed cleanup jobs” duration=12.935601ms
logger=grafana.update.checker t=2023-08-11T16:11:52.718932805+05:30 level=info msg=“Update check succeeded” duration=27.580086ms
logger=plugins.update.checker t=2023-08-11T16:11:53.321159523+05:30 level=info msg=“Update check succeeded” duration=389.890484ms


This seems to happen to me when grafana didn’t recognize my passed in JWT as a JWT. More specifically, if you happened to specify the incoming header as Authorization as opposed to some other custom header for passing your JWT and it doesn’t recognize the token as a JWT one.

One silent error that really messed with me for a while was that the JWT implementation appears to require the claim sub to exist on your token. But the message alerting you to it appears to never be reached/logged as a result of a guard in the code.

issue with sub property requirement silently failing JWT processing:

request stopped here:

guard existing JWT processing due to missing sub:

the message I would have liked to have received to save me time and effort troubleshooting. (but the execution path never makes it here given the above code references.


If your token has a sub claim in it, and you’re not using the Authentication header, and you still have this issue. I’ll need more info about your grafana.ini [auth.jwt] section, I’m just tossing guesses out based on my own experience trying to integrate via the JWT plugin. Be sure to sanitize any identifying/sensitive details in the section before you post anything.

best of luck.