SSO_Basics/Grafana/.env.example

GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_NAME=authentik
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=CLIENT_ID_GOES_HERE
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=CLIENT_SECRET_GOES_HERE
GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.example.net/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.example.net/application/o/token/
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.example.net/application/o/userinfo/
GF_AUTH_SIGNOUT_REDIRECT_URL=https:///auth.example.net/application/o/grafana/end-session/
# Optionally enable auto-login (bypasses Grafana login screen)
GF_AUTH_OAUTH_AUTO_LOGIN=true
# Optionally map user groups to Grafana roles
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(groups, 'grafanaadmin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
switch to docker-compose env for oauth configuration, verified admin role maps properly 2024-01-17 01:17:30 -06:00			`GF_AUTH_GENERIC_OAUTH_ENABLED=true`
			`GF_AUTH_GENERIC_OAUTH_NAME=authentik`
			`GF_AUTH_GENERIC_OAUTH_CLIENT_ID=CLIENT_ID_GOES_HERE`
			`GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=CLIENT_SECRET_GOES_HERE`
			`GF_AUTH_GENERIC_OAUTH_SCOPES=openid profile email`
			`GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.example.net/application/o/authorize/`
			`GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.example.net/application/o/token/`
			`GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.example.net/application/o/userinfo/`
			`GF_AUTH_SIGNOUT_REDIRECT_URL=https:///auth.example.net/application/o/grafana/end-session/`
			`# Optionally enable auto-login (bypasses Grafana login screen)`
			`GF_AUTH_OAUTH_AUTO_LOGIN=true`
			`# Optionally map user groups to Grafana roles`
			`GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(groups, 'grafanaadmin') && 'Admin' \|\| contains(groups, 'Grafana Editors') && 'Editor' \|\| 'Viewer'`