Sending Post Request to Obtain a JWT and Use It for Login


I’m trying to integrate Grafana into an SSO system which makes it possible to log in to more than one app from a panel/web page. To achieve that, I need to send a POST request with a JSON body which includes the necessary details like username, password etc., and it returns a JWT to the user in a JSON body. The user will be able to log in using the JWT.

To summarize: the user will log in to a web page which includes buttons representing different apps. The user will click the button which represents Grafana, then it will send a POST request with the necessary details to obtain a JWT. After getting the JWT, it will redirect to Grafana with the JWT to log in as the user already logged in to the SSO panel/web page.

Also, for test purposes, I want to be able to send a POST request with curl to get a JWT and log in via URL.

Here is my question:

  • How should I configure Grafana to make it possible? Honestly, I looked at the official Grafana documentation, but I think it is not detailed enough for JWT authentication, or I did not understand it very well. Unfortunately, I also didn’t find any examples/tutorials about it on the web. Also, I think I couldn’t understand the JWT configuration and options well enough. I made some tries with a pem file by creating keys with RSA256 and succeeded, but we are going to use HS256 and I couldn’t find any examples or tutorials about it.

I would really appreciate it if someone who understands how to log in with JWT, has experience with it, or has done what I want to do before could clear up my confusion.

Thank you very much in advance.

That sounds like a not very clever SSO (why don’t you use standard OpenID Connect :man_shrugging:?).

JWT in the Grafana:

I don’t believe that Grafana supports the symmetric algorithm HS256. Are you really sure that your “SSO” will be secure :man_shrugging:?

First, thanks for the help. I have raised concerns about security before, but this is what I am expected to do. It is going to be a private network, so of course it does not eliminate risks, but we can say the risk is relatively low.

As I mentioned in the post, I don’t understand the Grafana documentation on JWT well enough and I think it is insufficient. As you have brought up, I also don’t have any information about whether it supports HS256, for example, and if so, how it should be set up.
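
Added example, not part of any post in this thread and not Grafana's or the SSO system's code: what issuing and strictly verifying an HS256 token involves, using only the Python standard library. The secret, claims and function names are constructed for illustration; note that the verifying side has to hold the same secret the issuer signs with, which is the difference from the RSA key pair mentioned above.

```python
import base64, hashlib, hmac, json, time

SSO_SECRET = b"constructed-demo-secret-32-bytes!"  # constructed; not a real key

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret):
    """Issuer side: header.payload.signature, signed with the shared secret."""
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_mac(signing_input, secret))

def verify_hs256(token, secret, now=None):
    """Verifier side: pin the algorithm, check the MAC, then check expiry."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Never trust the token's own "alg" to pick the check; require HS256 only.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison over the exact bytes that were received.
    if not hmac.compare_digest(sig, _mac(head_b64 + "." + body_b64, secret)):
        raise ValueError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    # Constructed claims; the claim names the consumer expects are an assumption.
    token = sign_hs256({"sub": "alice", "exp": int(time.time()) + 60}, SSO_SECRET)
    print(token)
    print(verify_hs256(token, SSO_SECRET))
```

Because the same secret both signs and verifies, every application that can validate these tokens can also issue them, so the secret needs the same protection on each side.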