Cannot get oAuth (Grafana) to work … please help #14307
Unanswered
IonasElate
asked this question in
Q&A
Replies: 2 comments
-
|
I'm not certain but it might be that you need to set your grafana root URL. This is mentioned in the last section of the integration doc. There's an example in the grafana documentation. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Hello I tried and it still does not work. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello
I have implemented Authentik successfully for proxmox, portainer, most of my docker containers and a few external services.
Unfortunately I am hard stuck on setting it up with grafana. I followed the guide here: https://docs.goauthentik.io/integrations/services/grafana/
I am asked to log into authentik when i go to my grafana.company page but then i see the grafana dashboard (logged out).
If I try to log in i get the option to sign in with authentik but when i click it I get: Redirect URI Error
The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri). It is set to https://grafana.my_real_domain/login/generic_oauth
I quadruple checked the redirect URI and don't know what is going wrong here … I hope you can help.
`
networks:
frontend:
external: true
backend:
external: true
services:
grafana:
image: grafana/grafana:latest
container_name: grafana
# ports:
# - 3010:3000
environment:
GF_AUTH_ANONYMOUS_ENABLED: 'true'
GF_SECURITY_ALLOW_EMBEDDING: 'true'
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: "authentik"
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "${AUTHENTIK_CLIENT_ID}"
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "${AUTHENTIK_CLIENT_SECRET}"
GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.${DOMAIN}/application/o/authorize/"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.${DOMAIN}/application/o/token/"
GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.${DOMAIN}/application/o/userinfo/"
GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.${DOMAIN}/application/o/grafana/end-session/"
user: "1001"
labels:
- traefik.enable=true
- traefik.http.services.grafana.loadbalancer.server.port=3000
- traefik.http.routers.grafana.entrypoints=websecure
- traefik.http.routers.grafana.rule=Host(
grafana.${DOMAIN})- traefik.http.routers.grafana.tls=true
- traefik.http.routers.grafana.tls.certresolver=cloudflare
- traefik.http.routers.grafana.middlewares=authentik-middleware@file
networks:
- frontend
volumes:
- ./data:/var/lib/grafana
restart: always
`
of course i have a .env file in the same directory as the docker-compose.yml that contains the DOMAIN= as well as the client id and secret variables …
Beta Was this translation helpful? Give feedback.
All reactions