Accessing Chronograf API's after OAUTH is enabled

How can i access the Chronograf API’s after one has enabled Github OAUTH.
What headers need to passed in order to access the API’s.

Hi all,
I am trying without any luck to use the Chronograf api: https://chronograf-url/docs querying the application already working in production with authentication based to keycloak and punctual users and organizations (defined from the Chronograf interface)

Using curl I am able to retrieve the user token from keycloak running a query as below

curl --insecure \
-d "client_id=chronograf-client" \
-d "client_secret=e3f3604c-9dd7-42d4-813f-cfbd6bd84867" \
-d "username=***" \
-d "password=***" \
-d "grant_type=***" \

The token looks valid after a check in

Once I got the token I am trying to retrieve the dashboard list related to a certain organization, using the command:

curl -vvvv --insecure -H 'Authorization: Bearer <token>'  -X GET https://chronograf-utl/v1/dashboards/v1/dashboards

But I received from Chronograf logs:

Mar 14 09:00:29 red-chronograf chronograf: time="2019-03-14T09:00:29+01:00" level=error msg="Invalid principal" component="token_auth" method=GET remote_addr="" url=/chronograf/v1/dashboards
Mar 14 09:00:29 red-chronograf chronograf: time="2019-03-14T09:00:29+01:00" level=info msg="Response: Forbidden" component=server method=GET remote_addr="" response_time="179.442µs" status=403

All Chronograf apis works instead if used directly from the browser, using the cookie of an already authenticate user.

I am trying to find any documentation online, but this topic is totally missing. For this reason I am not sure if I am making a mistake, if more headers need to be specified in my chronograf/v1/dashboards request to define in input the used organization or if the Authorization: Bearer is supported.

Hopefully this is the right channel to find some info, I did not open a bug in the proper github page, because It is not clear it is a real bug.

Could please someone help on this?



Same question here. Any guidance from anyone?

Hello @chad,
Sorry for the delay. I’m not sure, but I’m asking around?
What is your end goal/What are you trying to accomplish? Have you tried updating to 2.x?

Hello @Anaisdg. Thanks for your reply. My goal is to be able to deploy a dashboard to chronograf using a REST call. I know that I can use “import” from the UI, but would like to automate dashboard deployment. Very much like what is described here: Chronograf Dashboard Definitions | InfluxData. And the chronograf deployments are using google OAUTH.

I thought I had the latest – or nearly latest – version of chronograf. I’m using the chronograf:1.7.11-alpine docker image.

Hmm, I’m not sure about how to do this with 1.x (I’ll ask around), but with 2.x you can use templates.