Hi,
I’m trying to integrate OpenID sign-in with my Grafana setup. I have it working for the most part, but would like to know if there is a way to get around having to go to the Grafana login page to click ‘Log in With OAuth/Keycloak’ when I have ‘disable_login_form = true’ and check if the user is logged in on my landing page.
It feels clunky when I check if the user is logged in at my landing page and, if not, show them a login button that goes to the Grafana login page with another button they must click to get to the Keycloak sign-in form.
But any redirect I try from the Keycloak login form fails, as it looks like I need the ‘state’ parameter (could be wrong about the state parameter, normally am wrong).
i.e. a URL request from the Grafana login page looks like:
https://auth.example.com/auth/realms/grafana/protocol/openid-connect/auth?
access_type=online&
client_id=grafana&
redirect_uri=http%3A%2F%2Fexample.com%2Fgrafana%2Flogin%2Fgeneric_oauth&
response_type=code&
scope=openid+profile+email&
state=ghBCz5g-JKBZHFVG-XVpZLFWIY0BLlGDgtuQf_pX-fg%3D
and trying a URL request from my landing page like this (missing state) just returns an error:
https://auth.example.com/auth/realms/grafana/protocol/openid-connect/auth?
access_type=online&
client_id=grafana&
redirect_uri=http%3A%2F%2Fexample.com%2Fgrafana%2Flogin%2Fgeneric_oauth&
response_type=code&
scope=openid+profile+email
Current settings in grafana.ini:
[auth]
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
disable_login_form = true
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
disable_signout_menu = false
# URL to redirect the user to after sign out
signout_redirect_url = https://auth.example.com/auth/realms/grafana/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fexample.com
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = Keycloak
allow_sign_up = false
client_id = grafana
client_secret = 32f11773-a3d1-24bf-a599-618440966750
;scopes = user:email,read:org
scopes = openid profile email
auth_url = https://auth.example.com/auth/realms/grafana/protocol/openid-connect/auth
token_url = https://auth.example.com/auth/realms/grafana/protocol/openid-connect/token
api_url = https://auth.example.com/auth/realms/grafana/protocol/openid-connect/userinfo
;team_ids =
;allowed_organizations =
Thanks for any help.
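
Why a hand-built authorization URL without `state` is rejected, shown as an added example (not part of the original post and not Grafana's code): a simplified model of the standard OAuth `state` check, where the client mints `state` when it starts the login and accepts a callback only if the same browser returns a matching value. The cookie name `oauth_state`, `SERVER_KEY` and the function names are assumptions for illustration; the URLs and client settings are the ones from the post.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Values taken from the post's grafana.ini and example URLs.
AUTH_URL = "https://auth.example.com/auth/realms/grafana/protocol/openid-connect/auth"
REDIRECT_URI = "http://example.com/grafana/login/generic_oauth"
CLIENT_ID = "grafana"
SERVER_KEY = b"constructed-demo-key"  # hypothetical server-side secret (assumption)


def _bind(nonce: str) -> str:
    """Derive the state value sent to the IdP from the per-browser nonce."""
    return hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()


def start_login() -> tuple:
    """Step 1 (client): mint state, keep the nonce in a cookie, build the redirect URL."""
    nonce = secrets.token_urlsafe(32)
    query = urlencode({
        "access_type": "online",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid profile email",
        "state": _bind(nonce),
    })
    return f"{AUTH_URL}?{query}", {"oauth_state": nonce}  # cookie name is an assumption


def handle_callback(params: dict, cookies: dict) -> str:
    """Step 2 (client): accept the code only if state matches this browser's cookie."""
    nonce = cookies.get("oauth_state")
    state = params.get("state")
    if not nonce or not state:
        return "rejected: missing state"
    if not hmac.compare_digest(_bind(nonce).encode(), state.encode()):
        return "rejected: state mismatch"
    return "accepted"  # a real client would now exchange params["code"] at token_url


def state_of(url: str) -> str:
    """Helper: read the state parameter back out of an authorization URL."""
    return parse_qs(urlparse(url).query)["state"][0]
```

In this model the value has to be minted by the same client that later checks it, so a URL assembled on a separate landing page has no `state` the client would accept on the callback.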