Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for authenticated iframe (with JWT) #51

Merged
merged 3 commits into from
Mar 3, 2025
Merged

Add support for authenticated iframe (with JWT) #51

merged 3 commits into from
Mar 3, 2025

Conversation

jbonor
Copy link

@jbonor jbonor commented Jan 21, 2025

This PR adds support for iframe authentication with JWT based on the work of Mikesch-mp/icingaweb2-module-grafana/pull/326

Removed vendor dependencies with a simple function to create the tokens and general cleanup

Closes #49

@epinter @jbonor
Add support for authenticated iframe (with JWT)
ef18503 
The image renderer from Grafana is very slow and cpu heavy. Iframe is
not an option for most cases because it needs anonymous access to
Grafana. This commit adds JWT support to secure the Grafana access
when using iframe.
When a graph is loaded in Icinga web interface, the signed JWT token is
sent to Grafana in the request, if JWT is validated graph is displayed,
if anything goes wrong with the token validation, Grafana will refuse the
access.

The library Firebase PHP-JWT is used to create the token. For now, the
library is included in the vendor directory.

The JWT token uses RSA keys, these keys are generated automatically in
/etc when the user saves the configuration with jwt enabled.
@jbonor jbonor force-pushed the feature/iframe-jwtauth branch from 9d998b7 to 88d943c Compare January 21, 2025 12:42
@jbonor jbonor force-pushed the feature/iframe-jwtauth branch from 88d943c to 35ccd8c Compare January 21, 2025 13:01
@martialblog
Copy link
Member

Hi, thanks for the PR and for putting in the work to cleanup the code.

I'll give it some proper testing and then some feedback.

Cheers
Markus

@martialblog martialblog self-assigned this Jan 23, 2025
@martialblog martialblog added this to the v3.1.0 milestone Feb 10, 2025
martialblog
martialblog reviewed Mar 3, 2025
View reviewed changes
Copy link
Member

@martialblog martialblog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested it. Looks good so far.

@martialblog martialblog changed the base branch from main to release/v3.1.0 March 3, 2025 09:13
@martialblog martialblog merged commit 41018e3 into NETWAYS:release/v3.1.0 Mar 3, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martialblog martialblog martialblog left review comments

Assignees

@martialblog martialblog

Labels
None yet
Projects
None yet
Milestone
v3.1.0
Development

Successfully merging this pull request may close these issues.

[Feature]: Authenticated iframe with JWT
3 participants
@jbonor @martialblog @epinter