Grafana supports OAuth2 authentication through OmniAuth, which is compatible with OIDC.
If you are running Grafana directly, you may add the following lines to your configuration.
; Public address of this Grafana instance.
[server]
; Grafana builds its OAuth callback as root_url + /login/generic_oauth, so this
; value must match the redirect URI registered for the client at the provider.
root_url = {{ service.config["application_uri"] }}
; Sign-in through a generic OAuth2 / OIDC provider.
; NOTE(review): no api_url (userinfo endpoint) is set in this section; Grafana
; then has to take the user's email/login from the token response. Confirm the
; provider returns them in the ID token.
[auth.generic_oauth]
enabled = true
; true lets Grafana create an account on first login for every identity the
; provider authenticates, so who may sign in is decided entirely by the
; provider. Set to false to admit only accounts that already exist in Grafana.
allow_sign_up = true
client_id = {{ service.config["client_id"] }}
; Confidential credential: keep this file readable only by the Grafana service
; account and out of version control. Grafana treats ; and # inside a value as
; the start of a comment; wrap the secret in triple double quotes if it
; contains either character.
client_secret = {{ service.config["client_secret"] }}
; Space-separated list. openid requests an OIDC sign-in; profile and email
; request the name and e-mail claims.
scopes = openid profile email
; Authorization and token endpoints of the provider. The token endpoint receives
; the client secret and the authorization code, so both should be https URLs.
; NOTE(review): the scheme is chosen by the application that renders this page;
; confirm it emits https in production.
auth_url = {{ url_for("sso.oidc_authorize", service_uuid=service.uuid, _external=True) }}
token_url = {{ url_for("sso.oidc_token", service_uuid=service.uuid, _external=True) }}
If you are running the Grafana Docker image, please set the following environment variables.
# Each GF_SECTION_KEY variable overrides the matching key in grafana.ini.
# The comment lines here are valid in a Docker env file or a Compose file;
# drop them if you pass the variables one by one on the command line.
# Grafana builds its OAuth callback as this URL + /login/generic_oauth, so it
# must match the redirect URI registered for the client at the provider.
GF_SERVER_ROOT_URL={{ service.config["application_uri"] }}
GF_AUTH_GENERIC_OAUTH_ENABLED=True
# True lets Grafana create an account on first login for every identity the
# provider authenticates. Set to False to admit only existing Grafana accounts.
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP=True
GF_AUTH_GENERIC_OAUTH_CLIENT_ID={{ service.config["client_id"] }}
# Confidential credential: a plain environment variable is visible to anyone who
# can inspect the container. The official image also accepts
# GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET__FILE pointing at a mounted secret file.
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET={{ service.config["client_secret"] }}
# The value contains spaces; quote it if you set it from a shell.
GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
# The token endpoint receives the client secret and the authorization code, so
# both URLs should be https.
# NOTE(review): the scheme is chosen by the application that renders this page;
# confirm it emits https in production.
GF_AUTH_GENERIC_OAUTH_AUTH_URL={{ url_for("sso.oidc_authorize", service_uuid=service.uuid, _external=True) }}
GF_AUTH_GENERIC_OAUTH_TOKEN_URL={{ url_for("sso.oidc_token", service_uuid=service.uuid, _external=True) }}
{% include "application_oidc.html" %}