git clone https://github.com/grafana/grafana.git
make devenv sources="auth/jwt_proxy"
Add the following to your grafana configuration.
You may need to copy the jwks.json and change the path of jwk_set_file
accordingly.
[auth.jwt]
enabled = true
enable_login_token = true
header_name = X-Forwarded-Access-Token
username_claim = login
email_claim = email
jwk_set_file = devenv/docker/blocks/auth/oauth/jwks.json
cache_ttl = 60m
expected_claims = {"iss": "http://env.grafana.local:8087/auth/realms/grafana", "azp": "grafana-oauth"}
auto_sign_up = true
url_login = true
[security]
allow_embedding = true
yarn && yarn start
Example login:
jwt-admin:grafana
Sample app authenticates against keycloak (oauth provider) and retrieves JWT token
Sample app builds a grafana URL to the dashboard with the JWT token embbeded in the URL
Example: http://env.grafana.local:3000/d/RciOKLR4z/bob-the-board?orgId=1&kiosk&auth_token=eyJhbxxxxxxxxxxxxx