Refreshing OAuth Token Hourly for JSON API Data Source

Hello Grafana Community,

I’m currently working on a project where I need to integrate data from an external API into Grafana. The API outputs JSON data and requires an access token for authentication. The access token expires every hour and needs to be refreshed.

To obtain the access token and refresh token, I need to authenticate with my email and password to a specific endpoint. Once I have the refresh token, I can use it to refresh the access token every hour at another endpoint.

I’ve been using the JSON API data source plugin to load data from the API into Grafana. I’ve set up the data source with the access token in the Authorization header. However, I’m running into an issue with the token expiration. Since the token expires every hour, I need to manually update it in the data source configuration, which is not feasible for our use case.

I’ve read the Grafana documentation and searched the forum, but I couldn’t find a clear solution to this problem.

Does Grafana support automatic token refresh for data sources? If so, could you please guide me on how to configure this? If not, do you have any suggestions for a workaround? I’m considering setting up a backend service to handle the token refresh and update the token in Grafana’s data source configuration, but I’m hoping there might be a simpler solution.

Any guidance or suggestions would be greatly appreciated. Thank you in advance for your help!

Refresh token for auth is very unusual idea. Usually, there should be implemented a flow, which obtain tokens and then manage their life.
I would say you need to fork plugin and develop auth on your own. E. g. Add authentication for data source plugins | Grafana documentation

Hello,

Thank you for your response!

I wasn’t aware that my current situation was an unusual one, I was under the impression that using a refresh token to periodically renew an access token was a common practice in OAuth2 implementations.

I also came across the Infinity plugin which seems to be implementing OAuth2.0 authentication. However, it appears that my authentication situation needs might not fit with its OAuth2.0 auth method.

After reading the Grafana documentation, I understand that I need to fork a plugin and add an OAuth 2.0 proxy to handle the authentication flow. Or else, create my own proxy backend in python, for example, I suppose.

Before I proceed with this approach, I wanted to ask if (still) there are any pre-built solutions or features in Grafana or its plugins that could handle the token refresh?

Thanks a lot.

Yes, that is common practice. But it is not a common practice to save that refresh token. Common practice is for example saving of client id/client secret for client credential flow, which will obtain that refresh token then.