I have followed the below documentation and configured the JWT settings in grafana.ini file as follows.
Link: https://grafana.com/docs/grafana/latest/auth/jwt/
[auth.jwt]
enabled = true
header_name = X-JWT-Assertion
email_claim = unique_name
username_claim = nameid
org_claim = organization
name_claim = given_name
jwk_set_file = /var/lib/grafana/jwks.json
cache_ttl = 60m
expect_claims = {"iss": "https://<ApplicationDomain>/oauth2/token"}
auto_sign_up = true
I have a generated a new JWT token from our application and did the following GET call to authenticate the user. But I am getting “Invalid JWT” error message as response.
curl -H "X-JWT-Assertion: "JWT token" https://<Grafan-domain-url>/api/user
I have validated and verified the signature of the JWT token in jwt.io portal with jwks.json public key. Signature is Verified.
Error Message in Grafana Logs:
t=2022-02-21T13:43:55+0000 lvl=eror msg="Invalid JWT" logger=context error="invalid username or password"
t=2022-02-21T13:43:55+0000 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/api/user status=401 remote_addr=49.205.10.66 time_ms=1 size=31 referer=
Expected Output:
With Valid JWT token we are able to authenticate using JWKS.json file and fetch details if user already exists in Grafana. Create a user if not existed in Grafana database.