Azure AD - 401 Unauthorized

  • What Grafana version and what operating system are you using?
    Latest docker version

  • What are you trying to achieve?
    Setup Azure AD OAuth2

  • What happened?
    When trying to login I get the following error: “oauth2: cannot fetch token: 401 Unauthorized\nResponse: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’.”

  • Can you copy/paste the configuration(s) that you are having problems with?
    I’ve set the following environment variables in docker:

GF_AUTH_AZUREAD_CLIENT_ID: "redacted (Application ID)"
GF_AUTH_AZUREAD_CLIENT_SECRECT: "redacted (Client Secret)"
GF_AUTH_AZUREAD_AUTH_URL: " (tenant-id)/oauth2/v2.0/authorize"
GF_AUTH_AZUREAD_TOKEN_URL: " (tenant-id)/oauth2/v2.0/token"
GF_AUTH_AZUREAD_SCOPES: "openid email profile"
  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

  • Did you follow any online instructions? If so, what is the URL?
    I’ve followed the official tutorial.