Use own JWT in grafana

Our site retrieves a JWT from keycloak when the user logs in.
This JWT is stored in the browser storage.

We are having, amongst other pages, a grafana dashboard.
We would like grafana to use our JWT for all its API calls. We have an authentication service in front of it.

For it to work in our service we need it to have the Authorization header and X-Original-Uri header.
If grafana can pass these headers with the necessary info, our auth service will handle them and we shoudn’t need grafana to do anything besides handle its API call.

How can we achieve this? We can have the JS set data in the browser in some other many if need be.

I found the following issues that look similar to our needs.

Any help or information would be great!

Thank you!

IMHO: use Grafana in Auth proxy mode + add properly configured keycloak-gatekeeper in front of Grafana -> standard cookies will be used.

Definitely better, than hacking Grafana source code only to add special headers for obscure authN/authZ system (I hope your don’t need that, because your request is only about JWT :slight_smile: ).

Hi, we decided to use embedded and load grafana in an iframe.
Now the parent can refresh the token and update the cookie.
This is proving to work rather well.

I just thought there would be a way to use the header, but even then I realize once that JWT expires, it still needs to be refreshed, which is a whole other issue.