使用 Grafana API 进行自动身份验证 [英] Automatic Authentication using Grafana API
问题描述
在我的 Web 应用程序中,我希望能够将经过身份验证的用户从我的仪表板传递到 Grafana.
In my web application, I want to provide the ability to pass authenticated users from my dashboard across to Grafana.
一旦用户使用凭据登录我的仪表板,我的应用程序上就会显示一个指向 Grafana 仪表板的链接.当用户单击该链接时,他/她将被重定向到 Grafana 页面并自动登录而不显示 Grafana 登录页面.我不希望我的用户必须遇到第二个登录屏幕,在那里他们会对输入的用户名/密码感到困惑.
Once a user logged in my dashboard using credentials, a link to Grafana Dashboard will be displayed on my application. When user clicks that link, he/she will be redirected to Grafana page and automatically log in without displaying the Grafana login page. I don't want my users must encounter a second login screen, where they will be confused as to what username/password to enter.
我已经按照 自动登录到来自 Web 应用程序的 grafana,自动登录到 grafana 仪表板, 从使用凭据或令牌的 Web 应用程序 和 通过令牌 url 自动登录,但没有运气.我找不到合适的 &干净的解决方案.
I've followed Automatic login to grafana from web application, Auto login to grafana dashboard, Auto login to grafana from Web application using credentials or token and Automatic login by token url, but no luck. I couldn't find appropriate & clean solution.
我使用的是安装在 Ubuntu Server 18.04 上的 Grafana v6.2.5.
I'm using Grafana v6.2.5 installed on Ubuntu Server 18.04.
我该如何实施?任何帮助将不胜感激.
How can I implement it? Any help would be appreciated.
服务器详细信息:Ubuntu Server 18.04、Apache 2.4.29
Server Details: Ubuntu Server 18.04, Apache 2.4.29
推荐答案
经过一番挖掘,我找到了使用 Grafana 的 通用 OAuth 身份验证.
After some digging, I've found a workaround using Grafana's Generic OAuth Authentication.
第 1 步:创建包含以下代码的文件.
Step 1: Create files with the following code in it.
GrafanaOAuth.php:
<?php
declare(strict_types=1);
class GrafanaOAuth
{
protected $user;
/**
* Create a new GrafanaOAuth instance.
* @param array $user
* @return void
*/
public function __construct(array $user)
{
$this->user = $user;
}
/**
* Redirect to authentication URL.
* @param string $state
* @return void
*/
public function auth(string $state): void
{
$state = urlencode($state);
$url = "http://localhost:3000/login/generic_oauth?state={$state}&code=cc536d98d27750394a87ab9d057016e636a8ac31";
header("Location: {$url}");
}
/**
* User access token.
* @return void
*/
public function token(): void
{
$token = [
'access_token' => $this->user['access_token'],
'token_type' => 'Bearer',
'expiry_in' => '1566172800', // 20.08.2019
'refresh_token' => $this->user['refresh_token']
];
echo json_encode($token);
}
/**
* User credentials.
* @return void
*/
public function user(): void
{
$user = [
'username' => $this->user['username'],
'email' => $this->user['email']
];
echo json_encode($user);
}
}
oauth/auth.php:
<?php
declare(strict_types=1);
require __DIR__ . '/../GrafanaOAuth.php';
/**
* Fetch the details of Grafana user from your database.
*/
$user = [
'username' => 'nbayramberdiyev',
'email' => 'nbayramberdiyev@outlook.com',
'dasboard_id' => 'oNNhAtdWz',
'access_token' => md5(uniqid('nbayramberdiyev', true)),
'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];
(new GrafanaOAuth($user))->auth($_GET['state']);
oauth/token.php:
<?php
declare(strict_types=1);
header('Content-Type: application/json');
require __DIR__ . '/../GrafanaOAuth.php';
/**
* Fetch the details of Grafana user from your database.
*/
$user = [
'username' => 'nbayramberdiyev',
'email' => 'nbayramberdiyev@outlook.com',
'dasboard_id' => 'oNNhAtdWz',
'access_token' => md5(uniqid('nbayramberdiyev', true)),
'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];
(new GrafanaOAuth($user))->token();
oauth/user.php:
<?php
declare(strict_types=1);
header('Content-Type: application/json');
require __DIR__ . '/../GrafanaOAuth.php';
/**
* Fetch the details of Grafana user from your database.
*/
$user = [
'username' => 'nbayramberdiyev',
'email' => 'nbayramberdiyev@outlook.com',
'dasboard_id' => 'oNNhAtdWz',
'access_token' => md5(uniqid('nbayramberdiyev', true)),
'refresh_token' => md5(uniqid('nbayramberdiyev', true))
];
(new GrafanaOAuth($user))->user();
custom.js:
$(function() {
'use strict';
if (location.pathname === '/login') {
location.href = $('a.btn-service--oauth').attr('href');
}
});
第 2 步: 编辑位于 /etc/grafana/grafana.ini 在 Ubuntu/Debian、/usr/local/etc 上的 Grafana 配置文件/grafana/grafana.ini 在 MAC 上,
Step 2: Edit Grafana configuration file which is located at /etc/grafana/grafana.ini on Ubuntu / Debian, /usr/local/etc/grafana/grafana.ini on MAC, <GRAFANA_PROJECT_FOLDER>/conf/custom.ini on Windows.
取消注释这些行并输入您的client_id、client_secret、auth_url、token_url、api_url:
Uncomment these lines and enter your client_id, client_secret, auth_url, token_url, api_url:
#################################### Generic OAuth ##########################
[auth.generic_oauth]
;enabled = true
;name = OAuth
;allow_sign_up = false
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url =
;token_url =
;api_url =
像这样:
#################################### Generic OAuth ##########################
[auth.generic_oauth]
enabled = true
name = OAuth
allow_sign_up = false
client_id = YOUR_APP_CLIENT_ID
client_secret = YOUR_APP_CLIENT_SECRET
scopes = user:email,read:org
auth_url = http://foo.bar/oauth/auth.php
token_url = http://foo.bar/oauth/token.php
api_url = http://foo.bar/oauth/user.php
步骤 3: 将 custom.js 放在 /usr/share/grafana/public/build/index.html 文件(Ubuntu/Debian) 在 标签的底部.
Step 3: Place custom.js in /usr/share/grafana/public/build/index.html file (Ubuntu / Debian) at the bottom of <body> tag.
第 4 步:重启 Grafana 服务器.
Step 4: Restart Grafana server.
sudo service grafana-server restart(Ubuntu/Debian)brew services restart grafana(MAC)
sudo service grafana-server restart(Ubuntu / Debian)brew services restart grafana(MAC)
有关示例和详细说明,请查看我的 Github 存储库.
For the example and detailed explanation, have a look at my Github repo.
这篇关于使用 Grafana API 进行自动身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
