Open Authorization (OAuth):
OAuth is an open standard for access delegation: it lets a user authorize an application without exposing their credentials to it. Users can grant third-party applications limited access to their data on other platforms such as Google, GitLab, or GitHub. The provider issues access tokens, which the application presents to authorize its API requests. This improves security and user experience and allows integration across multiple services.
Grafana supports multiple OAuth providers, allowing users to authenticate using their existing credentials from Google, GitLab, GitHub, and others. This guide will walk you through configuring Google and GitLab OAuth authentication in Grafana.
Prerequisites:
Complete the steps in this post first: https://observeability.hashnode.dev/how-to-make-your-grafana-dashboard-publicly-accessible-with-a-domain-name
1️⃣ Setting Up Google OAuth
Step 1: Create a Google OAuth App
Go to Google Cloud Console.
Navigate to APIs & Services → Credentials.
Click Create Credentials → OAuth Client ID.
Configure the application:
Application Type: Web Application
Name: Grafana
Authorized Redirect URIs:
https://grafana-demo.ddns.net/login/google
Note: The domain in this URI comes from the steps in the prerequisite post.
- Click Create, then copy the Client ID and Client Secret and store them somewhere safe.
Step 2: Configure Grafana for Google OAuth
Copy the configuration below into the Grafana configuration file. Since we are starting Grafana from a binary, the file is <grafana-extracted-file-name>/conf/defaults.ini; for me it was /home/ec2-user/grafana-v11.4.0/conf/defaults.ini. Grafana's documentation recommends leaving defaults.ini unmodified and putting overrides in conf/custom.ini; the same sections work there.
[auth.google]
enabled = true
client_id = "YOUR_GOOGLE_CLIENT_ID"
client_secret = "YOUR_GOOGLE_CLIENT_SECRET"
scopes = "openid profile email"
auth_url = "https://accounts.google.com/o/oauth2/auth"
token_url = "https://oauth2.googleapis.com/token"
api_url = "https://www.googleapis.com/oauth2/v2/userinfo"
allow_sign_up = true
Step 3: Stop the Grafana binary, restart it, and then open the URL in the browser.
2️⃣ Setting Up GitLab OAuth
Step 1: Create a GitLab OAuth App
Log in to GitLab.
Go to User Settings → Applications.
Click New Application.
Configure the application:
Name: Grafana
Redirect URI:
https://grafana-demo.ddns.net/login/gitlab
Scopes: openid, profile, email
Click Save Application and copy the Application ID and Secret.
Step 2: Configure Grafana for GitLab OAuth
Follow the same procedure as Step 2 for Google OAuth, using this configuration:
[auth.gitlab]
enabled = true
client_id = "YOUR_GITLAB_CLIENT_ID"
client_secret = "YOUR_GITLAB_CLIENT_SECRET"
scopes = "openid profile email"
auth_url = "https://gitlab.com/oauth/authorize"
token_url = "https://gitlab.com/oauth/token"
api_url = "https://gitlab.com/api/v4/user"
allow_sign_up = true
Step 3: Stop the Grafana binary, restart it, and then open the URL in the browser.
3️⃣ Enabling Multiple OAuth Providers
You can enable both Google and GitLab simultaneously by including both configurations in grafana.ini or whichever configuration file you use. In our case it was defaults.ini.
[auth.google]
enabled = true
client_id = "YOUR_GOOGLE_CLIENT_ID"
client_secret = "YOUR_GOOGLE_CLIENT_SECRET"
scopes = "openid profile email"
auth_url = "https://accounts.google.com/o/oauth2/auth"
token_url = "https://oauth2.googleapis.com/token"
api_url = "https://www.googleapis.com/oauth2/v2/userinfo"
allow_sign_up = true
[auth.gitlab]
enabled = true
client_id = "YOUR_GITLAB_CLIENT_ID"
client_secret = "YOUR_GITLAB_CLIENT_SECRET"
scopes = "openid profile email"
auth_url = "https://gitlab.com/oauth/authorize"
token_url = "https://gitlab.com/oauth/token"
api_url = "https://gitlab.com/api/v4/user"
allow_sign_up = true
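With allow_sign_up = true and no further restriction, any account at the provider can create a Grafana user on a publicly reachable instance. The following audit script is an added example, not part of the original post or of Grafana; it assumes Grafana's allowed_domains (Google) and allowed_groups (GitLab) options, which the configuration above does not set, and the function name and sample group are hypothetical.

```python
import configparser

# Constructed sample mirroring the combined configuration above (trimmed);
# the allowed_groups value is a made-up group name.
SAMPLE_INI = '''
[auth.google]
enabled = true
client_secret = "YOUR_GOOGLE_CLIENT_SECRET"
token_url = "https://oauth2.googleapis.com/token"
allow_sign_up = true

[auth.gitlab]
enabled = true
client_secret = "YOUR_GITLAB_CLIENT_SECRET"
token_url = "https://gitlab.com/oauth/token"
allow_sign_up = true
allowed_groups = "my-team"
'''

# Grafana options that narrow who may log in through each provider.
RESTRICTIONS = {"auth.google": "allowed_domains", "auth.gitlab": "allowed_groups"}

def audit_oauth(ini_text):
    """Return sorted (section, finding) pairs for enabled auth.* sections."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    # Grafana ini files may start with keys outside any section; park them
    # in a dummy section so configparser accepts the file.
    cfg.read_string("[__top__]\n" + ini_text)
    findings = []
    for name in cfg.sections():
        sec = cfg[name]
        get = lambda key: sec.get(key, "").strip('" ')
        if not name.startswith("auth.") or get("enabled").lower() != "true":
            continue
        limiter = RESTRICTIONS.get(name)
        if get("allow_sign_up").lower() == "true" and limiter and not get(limiter):
            findings.append((name, f"open sign-up: set {limiter} or allow_sign_up = false"))
        # "YOUR_" matches the placeholders used in the configuration above.
        if get("client_secret") and not get("client_secret").startswith("YOUR_"):
            findings.append((name, "client_secret is stored in the file: restrict its permissions"))
        for key in ("auth_url", "token_url", "api_url"):
            if get(key) and not get(key).startswith("https://"):
                findings.append((name, f"{key} is not https"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit_oauth(SAMPLE_INI):
        print(f"[{section}] {finding}")
```

To check a real installation, pass the contents of the configuration file you edited to audit_oauth.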