Introduction
In this guide, we will delve into the Empress Framework and its integration with Grafana using OAuth for third-party app authentication. The guide will step you through the setup of a Grafana server and the connection to the Empress Framework for Grafana’s authentication.
Getting Started
Before proceeding, ensure you meet the following prerequisites:
- A debian-based system server (Debian, Ubuntu, Pop OS, etc.)
- A Empress Cloud account or a Empress Framework site (preferably on the same server)
- Basic text editing knowledge
Introduction to Empress Framework and Grafana
Empress Framework is a low-code, Python, and JavaScript web framework designed for building delightful web applications. It has a broad range of functionalities, including the generation of database schemas, REST APIs, Webhooks, and Reports without the need to write any code.
Grafana, on the other hand, is an interactive metrics visualization platform. It is versatile and used for alerting and visualizing server statistics, providing valuable insights about the server’s performance.
Installing Empress Framework and Grafana
Empress Framework Installation
Installing the Empress Framework is an intricate process, but don’t let this deter you. If you prefer, you can install and set up the Empress Framework using Docker, or use Empress Cloud to spin up a new site with Empress Framework installed.
Grafana Installation
The installation of Grafana is straightforward. Once installed, add Grafana to systemd with the following commands:
# add to systemd to start on bootup
sudo systemctl enable grafana-server.service
# start the service
sudo systemctl start grafana-server
# check status
sudo systemctl status grafana-server
Configuring Empress for OAuth
With the Empress Framework and Grafana installed, the next step is to configure Empress Framework for OAuth. Log into your site and complete the getting started process, then create a new entry in the OAuth Client doctype. Configure the:
- App Name (Grafana in this case)
- Open ID scopes
- Redirect URIs
You will receive an App Client ID and App Client Secret upon completion. These will be used in the Grafana configuration for the OAuth setup.
Configuring Grafana for OAuth
With the Client ID and Client Secret from the Empress Framework site, connect to the Grafana server for authentication.
Edit the grafana.ini configuration file in the /etc/grafana folder. Uncomment the lines and add the required data in the [oauth.generic_oauth] section as follows:
[auth.generic_oauth]
enabled = True
name = Empress
client_id = <client_id>
client_secret = <client_secret>
scopes = openid all
auth_url = <frappe_site_url>/api/method/frappe.integrations.oauth2.authorize
token_url = <frappe_site_url>/api/method/frappe.integrations.oauth2.get_token
api_url = <frappe_site_url>/api/method/frappe.integrations.oauth2.openid_profile
Additionally, add the domain name of the Grafana server to the config if you’re using a reverse proxy in the server section of the grafana.ini file.
After saving the file, restart Grafana with the command sudo systemctl restart grafana-server.service.
Upon reloading your Grafana site, you should see a “Sign in with Empress” button on the login page. If everything is configured correctly, you’ll be able to log into Grafana with the credentials from your Empress site.
Conclusion
Empress’ OAuth feature enables developers to easily integrate third-party apps like Grafana with Empress Framework for seamless authentication. This not only enhances the scalability of your applications but also leverages Empress’ robust security features for secure third-party integrations.