Using oauth tokens within plugin

Hey everyone. Big thanks to Grafana team for developing this excellent monitoring software!

We are currently logging users in through Oauth - Microsoft Azure AD. We then have custom Grafana plugins that make calls to a API server, which require the user’s azure token. In order to do this, we are using the MSAL.js library to get the token (and ultimately re-authenticate via popups) for each panel. This is quite a nuisance to users.

Anyone know if it’s possible to get the oauth token which was obtained during initial login within the Grafana plugin javascript? If not, what would be the recommended pattern for this use case?

Not sure if this is correct for you, but this is how I did it in my OpenFlow plugin.

  • Configure Grafana to authenticate users using OAuth toward azure
  • enable “Forward OAuth Identity” on the plugin
  • Now you will find the users access token in the header
  • reuse that token toward your API server

I know this is nearly an year old now, but could you kindly explain how you “Forward OAuth Identity” to the plugin? I’m writing a panel and cannot figure out how to get the token! The grafana doc is a bit patchy on this.

It’s a setting you can enable on a data source. This then forwards the users oauth token with every request to the data source. If you are writing a backend data source ( typically written in go ) that can be a little bit tricky, where in pure browser data sources it just works ( for me at least )
I don’t think you can access the token from a panel ? I might be wrong, never tried writing a panel, but to me it sounds correct you forward it in the data source layer