Azure AD oauth not working after server move

Our influx server was migrated to live behind a reverse proxy, but keeping the same ip/url for web browser access to chronograf, so nothing really changed. The Login button is displayed to logon to AzureAD (the configured provider), when I click the login button it briefly navigates away to microsoft’s authentication urls and then returns to the login prompt. Looking in developer tools in the browser, visits to /chronograf/v1/me and /chronograf/v1/env are failing with 403 forbidden.

I have restarted chronograf, and also cleared the cookies in my browser, but no luck. Any suggestions will be greatly appreciated.

Issue has been resolved. The server needed outbound firewall access to login.microsoftonline.com to be able to verify the token, once that was given everything worked.

The relevant error message you need to look for in the logs is "Unable to exchange code for token Post “https://login.microsoftonline.com/…/token”

@buzzlightyear thanks for sharing your solution!