Grafana Redirect URI Error #8673

Closed
Ingener74 opened this issue Feb 24, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@Ingener74

Describe the bug
Hi. I tried to connect Grafana to Authentik and I have a problem, "The request fails due to a missing, invalid, or mismatching redirection URI (redirect_uri)."
I use this instruction.

To Reproduce
My installation of Grafana.
Docker compose for Grafana

  grafana:
    image: grafana/grafana
    container_name: grafana
    ports:
      - 3001:3000
    restart: unless-stopped
    environment:
      - GF_SECURITY_ADMIN_USER=$GRAFANA_DEFAULT_USER
      - GF_SECURITY_ADMIN_PASSWORD=$GRAFANA_DEFAULT_PASSWORD
    volumes:
      - ./grafana:/etc/grafana/provisioning/datasources
    env_file:
      - .env

.env for Grafana

GF_AUTH_GENERIC_OAUTH_ENABLED=true
GF_AUTH_GENERIC_OAUTH_NAME=authentik
GF_AUTH_GENERIC_OAUTH_CLIENT_ID=tU1tdZwzs62Hrm1TonnQLKS6FmRT8JL5gm9*****
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET=OpFrGdo2Ia******** 
GF_AUTH_GENERIC_OAUTH_SCOPES="openid profile email"
GF_AUTH_GENERIC_OAUTH_AUTH_URL=https://auth.<here was my domain>/application/o/authorize/
GF_AUTH_GENERIC_OAUTH_TOKEN_URL=https://auth.<here was my domain>/application/o/token/
GF_AUTH_GENERIC_OAUTH_API_URL=https://auth.<here was my domain>/application/o/userinfo/
GF_AUTH_SIGNOUT_REDIRECT_URL=https://auth.<here was my domain>/application/o/grafana/end-session/
# Optionally enable auto-login (bypasses Grafana login screen)
GF_AUTH_OAUTH_AUTO_LOGIN=true
# Optionally map user groups to Grafana roles
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH=contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'

Expected behavior
Authentik redirects to Grafana


Version and Deployment (please complete the following information):

  • my authentik version: 2024.2.1
  • Deployment:
➜  homelab docker version
Client: Docker Engine - Community
 Version:           24.0.7
 API version:       1.43
 Go version:        go1.20.10
 Git commit:        afdd53b
 Built:             Thu Oct 26 09:07:41 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.7
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.10
  Git commit:       311b9ff
  Built:            Thu Oct 26 09:07:41 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.26
  GitCommit:        3dd1e886e55dd695541fdcd67420c2888645a495
 runc:
  Version:          1.1.10
  GitCommit:        v1.1.10-0-g18a0cb0
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
➜  homelab docker compose version
Docker Compose version v2.21.0

Ingener74 added the bug label Feb 24, 2024

@Ingener74
Author

Data from authentik_providers_oauth2_oauth2provider table in my postgresql instance
authentik_providers_oauth2_oauth2provider.csv

@alhazmy13
Contributor

alhazmy13 commented Feb 28, 2024

I suspect that Grafana is being operated behind a reverse proxy. If that's the case, you should update the Grafana container by adding the following environment variable.

    GF_SERVER_ROOT_URL: "https://grafana.domain.com"

Additionally, if you encounter an infinite loop or receive an error indicating that Grafana cannot retrieve the token, please update the two environment variables listed below. Use the local IP address of Authentik instead of the public domain.

    GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "http://127.0.0.1:380/application/o/token/"
    GF_AUTH_GENERIC_OAUTH_API_URL: "http://127.0.0.1:380/application/o/userinfo/"

@Ingener74
Author

@alhazmy13 thank you. Adding GF_SERVER_ROOT_URL is a solution!
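
Added example, not part of the original thread or of either project's code: a Python check that shows why an unset GF_SERVER_ROOT_URL leads to the redirect_uri error and which URL components differ. It assumes Grafana's default root URL (`http://localhost:3000/`), its generic OAuth callback path (`/login/generic_oauth`), and exact-match comparison on the provider side; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

CALLBACK_PATH = "/login/generic_oauth"       # Grafana generic OAuth callback path
DEFAULT_ROOT_URL = "http://localhost:3000/"  # Grafana default when root_url is unset


def grafana_redirect_uri(env):
    """Redirect URI Grafana derives from its root URL (env: dict of GF_* vars)."""
    root = env.get("GF_SERVER_ROOT_URL") or DEFAULT_ROOT_URL
    return root.rstrip("/") + CALLBACK_PATH


def sent_redirect_uri(authorize_url):
    """Extract redirect_uri from an authorize URL copied from the browser."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    return values[0] if values else None


def mismatched_parts(sent, registered):
    """Name the URL components that differ; an empty list means an exact match."""
    if sent == registered:
        return []
    s, r = urlsplit(sent), urlsplit(registered)
    pairs = (
        ("scheme", s.scheme, r.scheme),
        ("host", s.hostname, r.hostname),
        ("port", s.port, r.port),
        ("path", s.path, r.path),
        ("query", s.query, r.query),
    )
    # Fall back to "other" for differences such as a fragment or letter case.
    return [name for name, a, b in pairs if a != b] or ["other"]


# Constructed sample values: the URI registered in the provider, and the
# Grafana environment before and after the fix from the thread.
REGISTERED = "https://grafana.domain.com/login/generic_oauth"
ENV_BEFORE = {"GF_AUTH_GENERIC_OAUTH_ENABLED": "true"}
ENV_AFTER = dict(ENV_BEFORE, GF_SERVER_ROOT_URL="https://grafana.domain.com")

if __name__ == "__main__":
    for label, env in (("before", ENV_BEFORE), ("after", ENV_AFTER)):
        uri = grafana_redirect_uri(env)
        print(label, uri, mismatched_parts(uri, REGISTERED) or "match")
```

To check a live deployment, pass the authorize URL from the browser's address bar to `sent_redirect_uri` and compare the result with the redirect URI stored on the provider.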
