How can i access the Chronograf API’s after one has enabled Github OAUTH.
What headers need to passed in order to access the API’s.
Hi all,
I am trying without any luck to use the Chronograf api: https://chronograf-url/docs querying the application already working in production with authentication based to keycloak and punctual users and organizations (defined from the Chronograf interface)
Using curl I am able to retrieve the user token from keycloak running a query as below
curl --insecure \
-d "client_id=chronograf-client" \
-d "client_secret=e3f3604c-9dd7-42d4-813f-cfbd6bd84867" \
-d "username=***" \
-d "password=***" \
-d "grant_type=***" \
"https://<keycloak-url>/auth/realms/app-users/protocol/openid-connect/token"
The token looks valid after a check in https://jwt.io/
Once I got the token I am trying to retrieve the dashboard list related to a certain organization, using the command:
curl -vvvv --insecure -H 'Authorization: Bearer <token>' -X GET https://chronograf-utl/v1/dashboards/v1/dashboards
But I received from Chronograf logs:
Mar 14 09:00:29 red-chronograf chronograf: time="2019-03-14T09:00:29+01:00" level=error msg="Invalid principal" component="token_auth" method=GET remote_addr="192.168.1.33:59584" url=/chronograf/v1/dashboards
Mar 14 09:00:29 red-chronograf chronograf: time="2019-03-14T09:00:29+01:00" level=info msg="Response: Forbidden" component=server method=GET remote_addr="192.168.1.33:59584" response_time="179.442µs" status=403
All Chronograf apis works instead if used directly from the browser, using the cookie of an already authenticate user.
I am trying to find any documentation online, but this topic is totally missing. For this reason I am not sure if I am making a mistake, if more headers need to be specified in my chronograf/v1/dashboards request to define in input the used organization or if the Authorization: Bearer is supported.
Hopefully this is the right channel to find some info, I did not open a bug in the proper github page, because It is not clear it is a real bug.
Could please someone help on this?
Thanks
2 Likes
Same question here. Any guidance from anyone?
Hello @chad,
Sorry for the delay. I’m not sure, but I’m asking around?
What is your end goal/What are you trying to accomplish? Have you tried updating to 2.x?
Hello @Anaisdg. Thanks for your reply. My goal is to be able to deploy a dashboard to chronograf using a REST call. I know that I can use “import” from the UI, but would like to automate dashboard deployment. Very much like what is described here: Chronograf Dashboard Definitions | InfluxData. And the chronograf deployments are using google OAUTH.
I thought I had the latest – or nearly latest – version of chronograf. I’m using the chronograf:1.7.11-alpine docker image.
Hmm, I’m not sure about how to do this with 1.x (I’ll ask around), but with 2.x you can use templates.
