[Solved] Chronograf with Google oauth2 sending me to Purgatory

I’m trying to set up Chronograf with Google OAuth 2. We use Google Apps so I went ahead and created a client app and got client ID, secret, etc.

I then started Chronograf with these variables as per the docs:

export GOOGLE_CLIENT_ID=xxxxxxxxx-1jnexxxxxxxxxhqfhlc1bb25bg.apps.googleusercontent.com
export GOOGLE_CLIENT_SECRET=xNaMOLb5xxxxxxxxxxx
export PUBLIC_URL=https://mydomain.com

I was then asked to log in with Google, and I selected my email address. My user is a Super User on Google Apps.

I’m then directly sent to /purgatory - so all I see is “Authenticated in 1 Organization: oauth2/google” followed by “Default member” and the text “Contact your Admin for access”.

I don’t understand this seeing that my user on Google is a Super User there. I’ve tried creating custom roles and even adding a user:email scope, but I still can’t log in.

I’ve set up Chronograf successfully with Auth0 so I think what may be confusing me here is whatever is required on the Google side of things so that it works with Chronograf.

Help would be appreciated.

I’m closing this issue as it turns out I had an Auth0 user in the same Chronograf bolt database with exactly the same e-mail address. That made it possible to revert to Auth0, but Google OAuth didn’t work. What I did was to start with a new install via Docker and now it works.
