When Chronograf calls back to GitLab, it receives the following response:
The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
Here’s my environment:
GENERIC_CLIENT_ID=be052001f57be14542bd64ea5083ae2fe39290b6cf24407f828711d1f9aff0e4 GENERIC_CLIENT_SECRET=xxxx GENERIC_AUTH_URL=https://gitlab.example.com/oauth/authorize?redirect_uri=https%3A%2F%2Ftick.example.com%2Foauth%2Fgitlab%2Fcallback%26response_type%3Dcode GENERIC_TOKEN_URL=https://gitlab.example.com/oauth/token?redirect_uri=https%3A%2F%2Ftick.example.com%2Foauth%2Fgitlab%2Fcallback%26grant_type%3Dauthorization_code PUBLIC_URL=https://tick.example.com TOKEN_SECRET=mysupersecret GENERIC_SCOPES=read_user GENERIC_NAME=gitlab
Attached is screenshot from GitLab. I did a Tcpdump on the gitlab side, it appears Chronograf is calling back to GitLab alright, but GitLab don’t like it.