[Solved] Chronograf with Google OAuth2 sending me to Purgatory

#1

I’m trying to set up Chronograf with Google OAuth 2. We use Google Apps so I went ahead and created a client app and got client ID, secret, etc.

I then started Chronograf with these variables as per the docs:

export GOOGLE_CLIENT_ID=xxxxxxxxx-1jnexxxxxxxxxhqfhlc1bb25bg.apps.googleusercontent.com
export GOOGLE_CLIENT_SECRET=xNaMOLb5xxxxxxxxxxx
export PUBLIC_URL=https://mydomain.com

I was then asked to log in with Google, and I selected my email address. My user is a Super User on Google Apps.

I’m then directly sent to /purgatory - so all I see is “Authenticated in 1 Organization: oauth2/google” followed by “Default member” and the text “Contact your Admin for access”.

I don’t understand this, seeing that my user on Google is a Super User there. I’ve tried creating custom roles and even adding a user:email scope, but I still can’t log in.

I’ve set up Chronograf successfully with Auth0 so I think what may be confusing me here is whatever is required on the Google side of things so that it works with Chronograf.

Help would be appreciated.


#2

I’m closing this issue as it turns out I had an Auth0 user in the same Chronograf bolt database with exactly the same e-mail address. That made it possible to revert to Auth0, but Google OAuth didn’t work. What I did was to start with a new install via Docker and now it works.