Chronograf - Oauth - Unable to login when using GH orgs

1

I have setup Chronograf, InfluxDB and Telegraf via the docker engine.

The only issue I have is that when I enable Oauth via either Google or GitHub and restrict to a Domain/Organisation it fails to login.

The docker logs are showing the below error:

time="2017-07-24T09:35:11Z" level=info msg=Request component=server method=GET remote_addr="172.17.0.1:50724" url=/chronograf/v1/me
time="2017-07-24T09:35:11Z" level=error msg="Invalid principal" component=auth method=GET remote_addr="172.17.0.1:50724" url=/chronograf/v1/me
time="2017-07-24T09:35:11Z" level=info msg="Response: Forbidden" code=403 component=server remote_addr="172.17.0.1:50724" response_time="231.289µs"

172.17.0.1 is the default route from the contatiner to the host.

1 Like
2

I have same problem and still fighting to figure out what is happening.

3

Could you please share a redacted version of the CLI flags / ENVs that you use to launch Chronograf? That would help us debug this.

1 Like
4

Here is the docker run command i use:
docker run -p 8888:8888 -e “GH_CLIENT_ID=<my-gh-client-id>” -e “GH_CLIENT_SECRET=<my-gh-client-secret>” -e “GH_ORGS=influxdata” -e “PUBLIC_URL=http://localhost:8888” -e “TOKEN_SECRET=<my-token-secret>” chronograf:1.3.8.1-alpine

5

I have the same problem.
I get this error when using GH orgs.
time=“2018-06-29T15:13:40Z” level=error msg=“Not a member of required github organization”
time=“2018-06-29T15:13:41Z” level=error msg=“Invalid principal” component=“token_auth” method=GET remote_addr=“172.18.0.1:38608” url=/chronograf/v1/me
time=“2018-06-29T15:13:41Z” level=info msg=“Response: Forbidden” component=server method=GET remote_addr=“172.18.0.1:38608” response_time=“127.935µs” status=403

6

Exactly the same problem here. Were you able to resolve it? @vladost @AndrewJLowery ?