Integrate Grafana Enterprise Traces with an existing OAuth
Grafana Enterprise Traces (GET) supports the OpenID Connect (OIDC) core standard to validate tokens. This allows you to integrate GET with an existing OAuth token provider at your organization.
To support OIDC, provide a URL in the auth.admin.oidc.url
setting. This corresponds to the jwks_uri
field in the JSON object found at the OpenID Connect Discovery endpoints such as https://<example.com>/.well-known/openid-configuration
.
A JWT is included as the password in HTTP basic authentication or as part of a bearer token in bearer authentication. The bearer token should have two parts separated by a :
. The first part is the tenant ID. The second part is the JWT.
The JWT is validated against the URL specified above. If it is valid then an access policy name is extracted. The regular expression in auth.admin.oidc.access_policy_regex
is run against the JWT claim field specified in auth.admin.oidc.access_policy_claim
.
A sub-match has to be present to extract the access policy. Only the first sub-match is used. You can use the regular expression (.*)
for the whole claim field.
The regular expression syntax is RE2.
Example OAuth configuration
To use OIDC specify the auth.type
as enterprise
. Here is an example auth section:
auth:
type: enterprise
admin:
oidc:
url: http://127.0.0.1:5556/dex/keys
access_policy_claim: "sub"
access_policy_regex: "pref-([0-9]+)-.*"
Here is an example payload section of a valid JWT:
{
"sub": "pref-1234567890-abc",
"name": "John Doe",
"admin": true
}
The extracted access policy is 1234567890
.
Related Enterprise Traces resources
Distributed tracing with Grafana: From Tempo OSS to Enterprise
Learn about our open source tracing database, Tempo, a scalable way to store and query distributed traces generated by any open source tracing protocol.
Get started with distributed tracing with Grafana Tempo and Grafana Enterprise Traces
In this ObservabilityCON session, find out the latest features in the open source tracing project and the new addition to Grafana Enterprise Stack.
Correlate your metrics, logs, and traces with Grafana Stack
Show how Grafana’s opinionated stack will allow you to correlate your metrics, logs, and traces, all under one roof.