The Issue
When trying to log into the Grafana web UI using an OIDC provider (in my case, Dex), the login would fail after some time with the error “User already exists”. This happened for any user given access via OIDC.
The Cause
This appears to be caused by a CVE fix implemented in Grafana, as documented in the two comments below:
- https://github.com/grafana/grafana/issues/70203#issuecomment-1603895013
- https://github.com/grafana/grafana/issues/70203#issuecomment-1609865093
The Fix
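To resolve this issue on Grafana 10.0.x and 9.5.6, the environment variable GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP can be set, or the config key oauth_allow_insecure_email_lookup can be set under the [auth] section. As its name indicates, this setting turns the e-mail-based user lookup for OAuth logins back on, which is the behaviour the CVE fix disabled.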
[auth]
oauth_allow_insecure_email_lookup=true
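To check which value a given instance actually ends up with, the following added example (not code from Grafana or from the original post) resolves the setting from both places named above. It assumes the environment variable overrides the ini file, that an empty variable counts as unset, and that the listed spellings are read as "true"; the sample ini text is constructed.

```python
import configparser
import os

ENV_NAME = "GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP"
INI_SECTION, INI_KEY = "auth", "oauth_allow_insecure_email_lookup"
# Assumption: spellings read as "true"; anything else counts as false.
TRUTHY = {"1", "t", "true", "yes", "y", "on"}

# Constructed sample, including a key placed before any section header.
SAMPLE_INI = """\
app_mode = production

[auth]
; re-enabled to work around "User already exists"
oauth_allow_insecure_email_lookup = true
"""


def effective_email_lookup(ini_text, env):
    """Return (enabled, source) for the insecure e-mail lookup setting.

    The environment variable wins over the ini file (assumed precedence);
    when neither sets the key, the lookup is disabled.
    """
    env_value = env.get(ENV_NAME, "")
    if env_value:  # assumption: an empty variable is treated as unset
        return env_value.strip().lower() in TRUTHY, "env:" + ENV_NAME

    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Keys before the first section header make configparser raise,
    # so park them under a dummy section.
    parser.read_string("[__root__]\n" + ini_text)
    if parser.has_option(INI_SECTION, INI_KEY):
        value = parser.get(INI_SECTION, INI_KEY)
        return value.strip().lower() in TRUTHY, "ini:[" + INI_SECTION + "]"
    return False, "default"


if __name__ == "__main__":
    enabled, source = effective_email_lookup(SAMPLE_INI, os.environ)
    state = "ENABLED" if enabled else "disabled"
    print(f"insecure e-mail lookup is {state} (from {source})")
```

Running it against the real grafana.ini of each instance shows where the workaround is still switched on once the identity mapping has been sorted out.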
Hope this helps anyone stuck out there!
Regards