influxdata / chronograf

Open source monitoring and visualization UI for the TICK stack
https://www.influxdata.com/time-series-platform/chronograf/

Add Azure to OAUTH #2387

Closed Andy--Rose closed 6 years ago

Andy--Rose commented 6 years ago

Please add Azure to supported OAuth providers.

Andy Rose The Trade Desk

goller commented 6 years ago

Hey @Andy--Rose , thanks for writing in!

@kevinhogan111 did you end up figuring out the right settings for this? Or does chronograf need direct support for azure?

kevinhogan111 commented 6 years ago

We weren't able to find the right settings to get this working. The error I kept getting was: level=error msg="Unable to exchange code for token oauth2: cannot fetch token: 400 Bad Request\nResponse: {\"error\":\"invalid_resource\",\"error_description\":\"AADSTS50001: Resource identifier is not provided.

We think chronograf may need something similar to what bmorton mentions in their comment from March 24th here: https://github.com/golang/oauth2/issues/112

goller commented 6 years ago

@kevinhogan111 what command-line options did you try?

tyauvil commented 6 years ago

@goller I do believe that Chronograf is going to need Azure-specific configuration, specifically the resource parameter.

This discussion on adding Azure to the bitly/oauth2_proxy should be relevant: https://github.com/bitly/oauth2_proxy/pull/170

goller commented 6 years ago

@tyauvil great! I'm on it.

goller commented 6 years ago

Ok, I have a PR #2400 up for review. I've added another option to allow override for oauth api url responses. The default is email but azure is userPrincipalName.

I'm thinking about making azure specific options, but, PR #2400 rounds out the generic oauth feature.
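
The two Azure-specific points raised in this thread, as an added example that is not part of the thread and is not Chronograf's code: the `resource` parameter in the code exchange, and a configurable identity key that fails closed when the field is absent. The helper names, the sample response and the `.example` URLs are constructed, and sending `resource` in the token request form is an assumption based on the error quoted above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// TokenExchangeForm (hypothetical helper) builds the code-exchange body.
// Assumption: the provider reads "resource" here; it is omitted when empty.
func TokenExchangeForm(code, redirectURI, clientID, secret, resource string) url.Values {
	v := url.Values{
		"grant_type":    {"authorization_code"},
		"code":          {code},
		"redirect_uri":  {redirectURI},
		"client_id":     {clientID},
		"client_secret": {secret},
	}
	if resource != "" {
		v.Set("resource", resource)
	}
	return v
}

// PrincipalFromAPIResponse (hypothetical helper) reads the user identity from
// the user-info JSON. key defaults to "email"; Azure uses "userPrincipalName".
// A missing, null, non-string or blank value is an error, never an empty user.
func PrincipalFromAPIResponse(body []byte, key string) (string, error) {
	if key == "" {
		key = "email"
	}
	var fields map[string]json.RawMessage
	if err := json.Unmarshal(body, &fields); err != nil {
		return "", fmt.Errorf("decode API response: %w", err)
	}
	var id string
	if err := json.Unmarshal(fields[key], &id); err != nil || strings.TrimSpace(id) == "" {
		return "", fmt.Errorf("API response has no usable %q field", key)
	}
	return id, nil
}

func main() {
	// Constructed sample response; not captured from a real tenant.
	body := []byte(`{"userPrincipalName":"alice@example.onmicrosoft.com","mail":null}`)
	id, err := PrincipalFromAPIResponse(body, "userPrincipalName")
	fmt.Println(id, err)
	fmt.Println(TokenExchangeForm("code", "https://chronograf.example/cb", "id", "s", "https://graph.example").Encode())
}
```

With the default `email` key the same sample response is rejected, which is the behaviour to want when the resulting identity feeds an authorization decision.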