使用Grafana API的自动身份验证 [英] Automatic Authentication using Grafana API
问题描述
在我的Web应用程序中,我希望能够将经过身份验证的用户从我的仪表板传递到 Grafana .
In my web application, I want to provide the ability to pass authenticated users from my dashboard across to Grafana.
一旦用户使用凭据登录我的仪表板,到Grafana仪表板的链接将显示在我的应用程序中.当用户单击该链接时,他/她将被重定向到Grafana页面并自动登录,而不会显示Grafana登录页面.我不希望我的用户必须遇到第二个登录屏幕,在该屏幕上他们会迷惑要输入的用户名/密码.
Once a user logged in my dashboard using credentials, a link to Grafana Dashboard will be displayed on my application. When user clicks that link, he/she will be redirected to Grafana page and automatically log in without displaying the Grafana login page. I don't want my users must encounter a second login screen, where they will be confused as to what username/password to enter.
我已关注自动登录到Web应用程序中的grafana ,自动登录到grafana仪表板,从使用凭证或令牌的Web应用程序 和通过令牌网址自动登录,但没有运气.我找不到合适的&干净的溶液.
I've followed Automatic login to grafana from web application, Auto login to grafana dashboard, Auto login to grafana from Web application using credentials or token and Automatic login by token url, but no luck. I couldn't find appropriate & clean solution.
我正在使用在Ubuntu Server 18.04上安装的Grafana v6.2.5.
I'm using Grafana v6.2.5 installed on Ubuntu Server 18.04.
我该如何实施?任何帮助将不胜感激.
How can I implement it? Any help would be appreciated.
服务器详细信息:Ubuntu Server 18.04,Apache 2.4.29
Server Details: Ubuntu Server 18.04, Apache 2.4.29
推荐答案
After some digging, I've found a workaround using Grafana's Generic OAuth Authentication.
步骤1:使用以下代码创建文件.
Step 1: Create files with the following code in it.
GrafanaOAuth.php:
<?php
declare(strict_types=1);
class GrafanaOAuth
{
protected $user;
/**
* Create a new GrafanaOAuth instance.
* @param array $user
* @return void
*/
public function __construct(array $user)
{
$this->user = $user;
}
/**
* Redirect to authentication URL.
* @param string $state
* @return void
*/
public function auth(string $state): void
{
$state = urlencode($state);
$url = "http://localhost:3000/login/generic_oauth?state={$state}&code=cc536d98d27750394a87ab9d057016e636a8ac31";
header("Location: {$url}");
}
/**
* User access token.
* @return void
*/
public function token(): void
{
$token = [
'access_token' => $this->user['access_token'],
'token_type' => 'Bearer',
'expiry_in' => '1566172800', // 20.08.2019
'refresh_token' => $this->user['refresh_token']
];
echo json_encode($token);
}
/**
* User credentials.
* @return void
*/
public function user(): void
{
$user = [
'username' => $this->user['username'],
'email' => $this->user['email']
];
echo json_encode($user);
}
}
oauth/auth.php:
<?php
declare(strict_types=1);
require __DIR__ . '/../GrafanaOAuth.php';
/**
* Fetch the details of Grafana user from your database.
*/
$user = [
'username' => 'nbayramberdiyev',
'email' => 'nbayramberdiyev@outlook.com',
'dasboard_id' => 'oNNhAtdWz',
'access_token' => md5(uniqid('nbayramberdiyev', true)),
'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];
(new GrafanaOAuth($user))->auth($_GET['state']);
oauth/token.php:
<?php
declare(strict_types=1);
header('Content-Type: application/json');
require __DIR__ . '/../GrafanaOAuth.php';
/**
* Fetch the details of Grafana user from your database.
*/
$user = [
'username' => 'nbayramberdiyev',
'email' => 'nbayramberdiyev@outlook.com',
'dasboard_id' => 'oNNhAtdWz',
'access_token' => md5(uniqid('nbayramberdiyev', true)),
'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];
(new GrafanaOAuth($user))->token();
oauth/user.php:
<?php
declare(strict_types=1);
header('Content-Type: application/json');
require __DIR__ . '/../GrafanaOAuth.php';
/**
* Fetch the details of Grafana user from your database.
*/
$user = [
'username' => 'nbayramberdiyev',
'email' => 'nbayramberdiyev@outlook.com',
'dasboard_id' => 'oNNhAtdWz',
'access_token' => md5(uniqid('nbayramberdiyev', true)),
'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];
(new GrafanaOAuth($user))->user();
custom.js:
$(function() {
'use strict';
if (location.pathname === '/login') {
location.href = $('a.btn-service--oauth').attr('href');
}
});
步骤2:编辑Grafana配置文件,该文件位于Ubuntu/Debian上的/etc/grafana/grafana.ini,MAC上的/usr/local/etc/grafana/grafana.ini和Windows上的<GRAFANA_PROJECT_FOLDER>/conf/custom.ini.
Step 2: Edit Grafana configuration file which is located at /etc/grafana/grafana.ini on Ubuntu / Debian, /usr/local/etc/grafana/grafana.ini on MAC, <GRAFANA_PROJECT_FOLDER>/conf/custom.ini on Windows.
取消注释这些行,然后输入您的client_id,client_secret,auth_url,token_url,api_url:
Uncomment these lines and enter your client_id, client_secret, auth_url, token_url, api_url:
#################################### Generic OAuth ##########################
[auth.generic_oauth]
;enabled = true
;name = OAuth
;allow_sign_up = false
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url =
;token_url =
;api_url =
像这样:
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = OAuth
allow_sign_up = false
client_id = YOUR_APP_CLIENT_ID
client_secret = YOUR_APP_CLIENT_SECRET
scopes = user:email,read:org
auth_url = http://foo.bar/oauth/auth.php
token_url = http://foo.bar/oauth/token.php
api_url = http://foo.bar/oauth/user.php
步骤3:将custom.js放在<body>标记底部的/usr/share/grafana/public/build/index.html文件(Ubuntu/Debian)中.
Step 3: Place custom.js in /usr/share/grafana/public/build/index.html file (Ubuntu / Debian) at the bottom of <body> tag.
步骤4:重新启动Grafana服务器.
Step 4: Restart Grafana server.
-
sudo service grafana-server restart(Ubuntu/Debian) -
brew services restart grafana(MAC)
sudo service grafana-server restart(Ubuntu / Debian)brew services restart grafana(MAC)
有关示例和详细说明,请查看我的 Github存储库.
For the example and detailed explanation, have a look at my Github repo.
这篇关于使用Grafana API的自动身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
