I am trying to configure Grafana to correctly extract the user’s email from the OAuth token and use it for user login and email mapping.
I am using OAuth authentication with the email field in the response body of the token, and I have configured the User mapping settings in Grafana to extract the email using the correct JMESPath expression.
The email is not being set correctly in Grafana. Even though the email is present in the OAuth response body response_body="{"sub":"294","name":"FirstName Second Name","email":"email@gmail.com","preferred_username":"email@gmail.com"}", Grafana is not using it to populate the user’s email or login.
I expected Grafana to correctly extract and use the email from the OAuth response, and for the user login and email fields to be populated with email@gmail.com.
Here is my current User mapping configuration in Grafana:
Name attribute path: name
Login attribute path: preferred_username
Email attribute name: email
Email attribute path: email
LOG
byteqx_grafana | logger=oauth.generic_oauth t=2025-03-06T11:48:50.526568947Z level=debug msg="HTTP GET" url=http://django:8000/oauth/userinfo/emails status="200 OK" response_body="{"sub":"294","name":"FirstName Second Name","email":"email@gmail.com","preferred_username":"email@gmail.com"}"
byteqx_grafana | logger=oauth.generic_oauth t=2025-03-06T11:48:50.526683979Z level=debug msg="Received email addresses" emails=
byteqx_grafana | logger=oauth.generic_oauth t=2025-03-06T11:48:50.5267015Z level=debug msg="Using email address" email=
byteqx_grafana | logger=oauth.generic_oauth t=2025-03-06T11:48:50.526710013Z level=debug msg="Setting email from fetched private email" email=
byteqx_grafana | logger=oauth.generic_oauth t=2025-03-06T11:48:50.526716004Z level=debug msg="Defaulting to using email for user info login" email=
byteqx_grafana | logger=oauth.generic_oauth t=2025-03-06T11:48:50.526722447Z level=debug msg="User info result" result="Id: , Name: , Email: , Login: , Role: , Groups: , OrgRoles: map[1:Viewer]"
byteqx_grafana | logger=auth.client.generic_oauth t=2025-03-06T11:48:50.52677294Z level=warn msg="Missing sub claim, oauth authentication without a sub claim is deprecated and will be rejected in future versions."
byteqx_grafana | logger=authn.service t=2025-03-06T11:48:50.526794165Z level=info msg="Failed to authenticate request" client=auth.client.generic_oauth error="[auth.oauth.email.missing] required attribute email was not provided"
byteqx_grafana | logger=context userId=0 orgId=0 uname= t=2025-03-06T11:48:50.531087485Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr=172.20.0.1 time_ms=197 duration=197.784738ms size=29 handler=/login/:name status_source=server