I'm using Grafana auth proxy with Traefik forwardAuth middleware to secure my dashboards. We store access and refresh tokens as server-side http-only cookies. These get forwarded to my auth service which verifies the access token or returns a new one if expired and refresh token is valid.
I can access Grafana fine until the access token expires. When this happens, I'd need to use refresh token to issue a new access token. The token (in a cookie) gets forwarded to my auth service, where I can issue a new access token. Then I add the Set-Cookie
header to set the new token, but these headers are not forwarded to the Grafana frontend.
I was inspecting the Grafana proxy auth config where headers
property seemed promising, but as far as I can tell from quick inspection of it's source code it actually only remaps headers to one of the predefined attributes, and it doesn't forward anything to the client.
Is there a way to somehow forward the Set-Cookie
headers via Grafana auth proxy to the browser or am I stuck?