I’m trying to get access (via an Nginx proxy) to embedded Grafana in my web application via Auth0 (JWT token) authentication.
Nginx address: IP_ADDRESS
Grafana address: https://grafana.domain.pl
Web app address: https://domain.pl
Grafana version is 8.5.1
Some grafana.ini sections:
[security]
cookie_samesite = disabled
allow_embedding = true
cookie_secure = true
cookie_httponly = true
[auth.generic_oauth]
enabled = true
name = OAuth
client_secret = CLIENT_SECRET
client_id = CLIENT_ID
scopes = orgs openid profile roles email
auth_url = https://domain.eu.auth0.com/authorize
token_url = https://domain.eu.auth0.com/oauth/token
api_url = https://domain.eu.auth0.com/userinfo
use_pkce = true
[auth]
oauth_auto_login = true
signout_redirect_url = https://grafana.domain.pl/
disable_login_form = true
[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
username_claim = email
email_claim = email
jwk_set_url = https://domain.eu.auth0.com/.well-known/jwks.json
cache_ttl = 60m
auto_sign_up = true
Nginx proxy config:
location /login {
    proxy_set_header X-JWT-Assertion "${arg_mytoken}";
    proxy_pass https://GRAFANA_IP:3000;
    proxy_cookie_path / "/; SameSite=None; HTTPOnly; Secure";
}
My PHP code after taking a token:
// Server-side request to Grafana's /login, passing the token in the JWT header.
$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_PORT => '3000',
    CURLOPT_URL => 'https://grafana.domain.pl/login',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 10,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    // TLS certificate verification is switched off by the next two options.
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_CUSTOMREQUEST => 'GET',
    // Same header name as header_name in [auth.jwt].
    CURLOPT_HTTPHEADER => array('X-JWT-Assertion:' . $token),
));
$response = curl_exec($curl);
When I log in to my web app via Auth0, the embedded Grafana shows me the Auth0 login form. I want Grafana to be authenticated. The Auth0 keys for the web app and Grafana are the same. The callbacks are OK too.
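
An added example, not part of the original post: a pre-flight check of a token against the [auth.jwt] settings shown above (an algorithm that a public JWKS can verify, an unexpired `exp`, and the `email` claim named by username_claim and email_claim). It only decodes the token and does not verify the signature; the function names and the sample tokens are constructed for illustration, and the `kid` check assumes keys in the JWKS are selected by `kid`.

```python
import base64
import json
import time

# From the [auth.jwt] section above: username_claim and email_claim are both "email".
REQUIRED_CLAIMS = ("email",)

def _b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def inspect_jwt(token, now=None):
    """Return a list of problems; an empty list means the token's shape fits.
    Diagnostic only: the signature is NOT verified here."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT (possibly an opaque access token)"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    problems = []
    alg = str(header.get("alg", "none"))
    if alg.lower() == "none" or alg.upper().startswith("HS"):
        problems.append(f"alg={alg}: cannot be verified against a public JWKS")
    if not header.get("kid"):  # assumption: JWKS key lookup is by kid
        problems.append("no kid header to match a key in jwk_set_url")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp is missing or in the past")
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append(f"claim '{name}' is missing or empty")
    return problems

def make_sample(claims, alg="RS256"):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "kid": "constructed-kid"}), enc(claims), "sig"])

if __name__ == "__main__":
    soon = int(time.time()) + 3600
    print(inspect_jwt(make_sample({"sub": "auth0|x", "exp": soon, "email": "a@example.com"})))
    print(inspect_jwt(make_sample({"sub": "auth0|x", "exp": soon})))
```
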