Automatic Authentication using Grafana API

2020-02-06 04:45发布

站内问答 / 前端开发
668 1 5

In my web application, I want to provide the ability to pass authenticated users from my dashboard across to Grafana.

Once a user logged in my dashboard using credentials, a link to Grafana Dashboard will be displayed on my application. When user clicks that link, he/she will be redirected to Grafana page and automatically log in without displaying the Grafana login page. I don't want my users must encounter a second login screen, where they will be confused as to what username/password to enter.

I've followed Automatic login to grafana from web application, Auto login to grafana dashboard, Auto login to grafana from Web application using credentials or token and Automatic login by token url, but no luck. I couldn't find appropriate & clean solution.

I'm using Grafana v6.2.5 installed on Ubuntu Server 18.04.

How can I implement it? Any help would be appreciated.

Server Details: Ubuntu Server 18.04, Apache 2.4.29

1条回答
来,给爷笑一个
2楼-- · 2020-02-06 05:00

After some digging, I've found a workaround using Grafana's Generic OAuth Authentication.

Step 1: Create files with the following code in it.

GrafanaOAuth.php:

<?php

declare(strict_types=1);

class GrafanaOAuth
{
    protected $user;

    /**
     * Create a new GrafanaOAuth instance.
     * @param array $user
     * @return void
     */
    public function __construct(array $user)
    {
        $this->user = $user;
    }

    /**
     * Redirect to authentication URL.
     * @param string $state
     * @return void
     */
    public function auth(string $state): void
    {
        $state = urlencode($state);
        $url = "http://localhost:3000/login/generic_oauth?state={$state}&code=cc536d98d27750394a87ab9d057016e636a8ac31";
        header("Location: {$url}");
    }

    /**
     * User access token.
     * @return void
     */
    public function token(): void
    {
        $token = [
            'access_token' => $this->user['access_token'],
            'token_type' => 'Bearer',
            'expiry_in' => '1566172800', // 20.08.2019
            'refresh_token' => $this->user['refresh_token']
        ];

        echo json_encode($token);
    }

    /**
     * User credentials.
     * @return void
     */
    public function user(): void
    {
        $user = [
            'username' => $this->user['username'],
            'email' => $this->user['email']
        ];

        echo json_encode($user);
    }
}

oauth/auth.php:

<?php

declare(strict_types=1);

require __DIR__ . '/../GrafanaOAuth.php';

/**
 * Fetch the details of Grafana user from your database.
 */
$user = [
    'username' => 'nbayramberdiyev',
    'email' => 'nbayramberdiyev@outlook.com',
    'dasboard_id' => 'oNNhAtdWz',
    'access_token' => md5(uniqid('nbayramberdiyev', true)),
    'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];

(new GrafanaOAuth($user))->auth($_GET['state']);

oauth/token.php:

<?php

declare(strict_types=1);

header('Content-Type: application/json');

require __DIR__ . '/../GrafanaOAuth.php';

/**
 * Fetch the details of Grafana user from your database.
 */
$user = [
    'username' => 'nbayramberdiyev',
    'email' => 'nbayramberdiyev@outlook.com',
    'dasboard_id' => 'oNNhAtdWz',
    'access_token' => md5(uniqid('nbayramberdiyev', true)),
    'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];

(new GrafanaOAuth($user))->token();

oauth/user.php:

<?php

declare(strict_types=1);

header('Content-Type: application/json');

require __DIR__ . '/../GrafanaOAuth.php';

/**
 * Fetch the details of Grafana user from your database.
 */
$user = [
    'username' => 'nbayramberdiyev',
    'email' => 'nbayramberdiyev@outlook.com',
    'dasboard_id' => 'oNNhAtdWz',
    'access_token' => md5(uniqid('nbayramberdiyev', true)),
    'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];

(new GrafanaOAuth($user))->user();

custom.js:

$(function() {
    'use strict';

    if (location.pathname === '/login') {
        location.href = $('a.btn-service--oauth').attr('href');
    }
});

Step 2: Edit Grafana configuration file which is located at /etc/grafana/grafana.ini on Ubuntu / Debian, /usr/local/etc/grafana/grafana.ini on MAC, <GRAFANA_PROJECT_FOLDER>/conf/custom.ini on Windows.

Uncomment these lines and enter your client_id, client_secret, auth_url, token_url, api_url:

#################################### Generic OAuth ##########################
[auth.generic_oauth]
;enabled = true
;name = OAuth
;allow_sign_up = false
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url =
;token_url =
;api_url =

Like so:

#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = OAuth
allow_sign_up = false
client_id = YOUR_APP_CLIENT_ID
client_secret = YOUR_APP_CLIENT_SECRET
scopes = user:email,read:org
auth_url = http://foo.bar/oauth/auth.php
token_url = http://foo.bar/oauth/token.php
api_url = http://foo.bar/oauth/user.php

Step 3: Place custom.js in /usr/share/grafana/public/build/index.html file (Ubuntu / Debian) at the bottom of <body> tag.

Step 4: Restart Grafana server.

  • sudo service grafana-server restart (Ubuntu / Debian)
  • brew services restart grafana (MAC)

For the example and detailed explanation, have a look at my Github repo.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)