OAuth Chronograf - Unable to login

Hello :slight_smile:

I’m trying to log in to Chronograf via OAuth but I am still getting the same error. Currently GitHub, but I got the same issue with different providers as well (GitLab, Google).
Error:
This Chronograf is private. To gain access, you must be explicitly added by an administrator

Can I have advice on how to solve the issue? What does it mean that the user has to be “explicitly added by an administrator”?

Full logs:

Jun 11 21:59:51 server chronograf[18016]: time="2019-06-11T21:59:51+02:00" level=info msg="Response: OK" component=server method=GET remote_addr="192.168.1.101:57160" response_time="281.864µs" status=200
Jun 11 21:59:51 server chronograf[18016]: time="2019-06-11T21:59:51+02:00" level=error msg="Error message This Chronograf is private. To gain access, you must be explicitly added by an administrator." component=server http_status =403
Jun 11 21:59:51 server chronograf[18016]: time="2019-06-11T21:59:51+02:00" level=info msg="Response: Forbidden" component=server method=GET remote_addr="192.168.1.101:57160" response_time="378.809µs" status=403
Jun 11 21:59:52 server chronograf[18016]: time="2019-06-11T21:59:52+02:00" level=info msg="Response: Temporary Redirect" component=server method=GET remote_addr="192.168.1.101:57160" response_time="123.077µs" status=307
Jun 11 21:59:53 server chronograf[18016]: time="2019-06-11T21:59:53+02:00" level=info msg="found an extra id_token, but option --useidtoken is not set" component=auth method=GET remote_addr="192.168.1.101:57160" url=/oauth/github/callback?code=85125105c13d0
Jun 11 21:59:53 server chronograf[18016]: time="2019-06-11T21:59:53+02:00" level=info msg="User some_name@gmail.com is authenticated" component=auth method=GET remote_addr="192.168.1.101:57160" url=/oauth/github/callback?code=85125105c13d0023a4cb&state=ey
Jun 11 21:59:53 server chronograf[18016]: time="2019-06-11T21:59:53+02:00" level=info msg="Response: Temporary Redirect" component=server method=GET remote_addr="192.168.1.101:57160" response_time=778.312799ms status=307
Jun 11 21:59:54 server chronograf[18016]: time="2019-06-11T21:59:54+02:00" level=info msg="Response: OK" component=server method=GET remote_addr="192.168.1.101:57160" response_time="218.808µs" status=200
Jun 11 21:59:54 server chronograf[18016]: time="2019-06-11T21:59:54+02:00" level=error msg="Error message This Chronograf is private. To gain access, you must be explicitly added by an administrator." component=server http_status =403
Jun 11 21:59:54 server chronograf[18016]: time="2019-06-11T21:59:54+02:00" level=info msg="Response: Forbidden" component=server method=GET remote_addr="192.168.1.101:57160" response_time="379.014µs" status=403

Chronograf ENV:

TLS_CERTIFICATE=/etc/letsencrypt/live/example.eu/fullchain.pem
TLS_PRIVATE_KEY=/etc/letsencrypt/live/example.eu/privkey.pem
BOLT_PATH=/var/lib/chronograf/chronograf-v1.db
GH_CLIENT_ID=d398n20fj04jff4f4
GH_CLIENT_SECRET=hc9843hv9f8h498gh9hg4
GH_ORGS=my-org
CANNED_PATH=/usr/share/chronograf/canned
TOKEN_SECRET=hf904h3f09h43

Hi @gohm welcome !

I have tried to figure it out by reading

read1
read2

Basically, the first user to log in after auth is enabled automatically becomes the super admin for the instance.
So I guess that you have to log on to Chronograf with that admin user, and that you can “explicitly add” other users with an extra tab that becomes visible in Chronograf, as shown in read2 (a Chronograf admin page, reached by clicking on the crown).

Best regards,

@MarcV Thanks for your reply! :slight_smile:

I saw those two topics before and was aware of logging in with the admin user… but for some reason, I was not able to do that. My Chronograf was stuck on the login screen. Maybe it’s my lack of knowledge, and maybe I still do not understand this, but I finally got it thanks to your reply. :wink:

Reading one of the given links, I noticed that I have 2x chronograf-v1.db in:

/var/lib/chronograf/chronograf-v1.db
and
/etc/default/chronograf-v1.db

Once I removed them both, login finally worked like a charm. :slight_smile:

Thanks again!
regards
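
Added example (not part of the thread and not Chronograf's own code): the logs in the first post show the OAuth callback succeeding ("User … is authenticated") with the 403 arriving afterwards, so the refusal is an authorization decision rather than a failed login. The Python below separates the two cases in such logs; the function names, the constructed sample lines and the correlation by client IP are assumptions made for the example.

```python
import re

# key=value pairs; allows the space in 'http_status =403' and quoted values
PAIR = re.compile(r'(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|\S+)')
AUTHED = re.compile(r'^User (\S+) is authenticated$')

# Constructed sample, abridged from the first post; line 2 keeps forum-style curly quotes.
SAMPLE = '''\
Jun 11 21:59:51 server chronograf[18016]: time="2019-06-11T21:59:51+02:00" level=info msg="Response: Forbidden" component=server method=GET remote_addr="192.168.1.101:57160" status=403
Jun 11 21:59:53 server chronograf[18016]: time=“2019-06-11T21:59:53+02:00” level=info msg=“User some_name@gmail.com is authenticated” component=auth method=GET remote_addr=“192.168.1.101:57160” url=/oauth/github/callback
Jun 11 21:59:53 server chronograf[18016]: time="2019-06-11T21:59:53+02:00" level=info msg="Response: Temporary Redirect" component=server method=GET remote_addr="192.168.1.101:57160" status=307
Jun 11 21:59:54 server chronograf[18016]: time="2019-06-11T21:59:54+02:00" level=error msg="Error message This Chronograf is private. To gain access, you must be explicitly added by an administrator." component=server http_status =403
Jun 11 21:59:54 server chronograf[18016]: time="2019-06-11T21:59:54+02:00" level=info msg="Response: Forbidden" component=server method=GET remote_addr="192.168.1.101:57160" status=403
'''

def parse(line):
    """Parse one logfmt line into a dict, normalising curly quotes first."""
    line = line.translate({0x201C: '"', 0x201D: '"'})
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def triage(log_text):
    """Label each 403 response as 'unauthenticated' or 'authenticated-not-authorized'."""
    last_user = {}  # client IP -> identity from the latest successful OAuth callback
    findings = []
    for line in log_text.splitlines():
        f = parse(line)
        # Assumption: requests are correlated by client IP (source port dropped).
        ip = f.get("remote_addr", "").rsplit(":", 1)[0]
        m = AUTHED.match(f.get("msg", ""))
        if f.get("component") == "auth" and m:
            last_user[ip] = m.group(1)
        elif f.get("status") == "403" and ip:
            user = last_user.get(ip)
            kind = "authenticated-not-authorized" if user else "unauthenticated"
            findings.append((f["time"], ip, user, kind))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

An "authenticated-not-authorized" finding means the identity provider accepted the user but the Chronograf instance has no matching user record, which is the situation the reply describes.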