OAuth user is moved to default org from their own org on first login (10.1.1)

  • What Grafana version and what operating system are you using?
    Grafana 10.1.1
    OS linux

  • What are you trying to achieve?
    Each OAuth user will have their own org and when they log in, they will end up in their own org.

  • How are you trying to achieve it?
    I create an OAuth user and an org and put that user in their own org, using Grafana API.
    I checked that the org is created and the OAuth user is only in that org.
    When the OAuth user logs in, they will end up in their assigned org correctly (Grafana 10.0.3)

  • What happened?
    When the OAuth user logged in, they ended up in the default org (Grafana 10.1.1)

  • What did you expect to happen?
    The user should end up in their own assigned org.

  • Can you copy/paste the configuration(s) that you are having problems with?

"environment": [
    {
        "name": "GF_AUTH_GENERIC_OAUTH_API_URL",
        "value": "xxx"
    },
    {
        "name": "GF_DATABASE_PASSWORD",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_TOKEN_URL",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_SIGNOUT_REDIRECT_URL",
        "value": "xxx"
    },
    {
        "name": "GF_DATABASE_USER",
        "value": "postgres"
    },
    {
        "name": "GF_SMTP_USER",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_CLIENT_ID",
        "value": "xxx"
    },
    {
        "name": "GF_USERS_AUTO_ASSIGN_ORG_ID",
        "value": "83"
    },
    {
        "name": "GF_DATABASE_HOST",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_ENABLED",
        "value": "true"
    },
    {
        "name": "GF_SMTP_FROM_ADDRESS",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_SCOPES",
        "value": "email profile aws.cognito.signin.user.admin openid"
    },
    {
        "name": "GF_DATABASE_TYPE",
        "value": "postgres"
    },
    {
        "name": "GF_USERS_AUTO_ASSIGN_ORG",
        "value": "true"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_AUTH_URL",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP",
        "value": "true"
    },
    {
        "name": "GF_SERVER_DOMAIN",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_GENERIC_OAUTH_ENABLED_NAME",
        "value": "Cognito"
    },
    {
        "name": "GF_SMTP_HOST",
        "value": "xxx"
    },
    {
        "name": "GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP",
        "value": "true"
    },
    {
        "name": "GF_DATABASE_SSL_MODE",
        "value": "disable"
    },
    {
        "name": "GF_INSTALL_PLUGINS",
        "value": "grafana-timestream-datasource"
    },
    {
        "name": "GF_SMTP_PASSWORD",
        "value": "xxx"
    },
    {
        "name": "GF_SMTP_ENABLED",
        "value": "true"
    },
    {
        "name": "GF_SERVER_ROOT_URL",
        "value": "xxx"
    }
]
  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
    No

  • Did you follow any online instructions? If so, what is the URL?
    No

Here is the story:
Grafana 10.0.3:

  • I create an OAuth user
  • I create an org
  • I assign that user to that org
  • OAuth user logs in and will be in its own org. This is the expected behavior

Grafana 10.1.1:

  • I create an OAuth user
  • I create an org
  • I assign that user to that org
  • OAuth user logs in and will be in the default org. This is not the expected behavior