Azure AD - 401 Unauthorized

  • What Grafana version and what operating system are you using?
    Latest docker version

  • What are you trying to achieve?
    Setup Azure AD OAuth2

  • What happened?
    When trying to login I get the following error: “oauth2: cannot fetch token: 401 Unauthorized\nResponse: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’.”

  • Can you copy/paste the configuration(s) that you are having problems with?
    I’ve set the following environment variables in docker:

GF_AUTH_AZUREAD_CLIENT_ID: "redacted (Application ID)"
GF_AUTH_AZUREAD_CLIENT_SECRECT: "redacted (Client Secret)"
GF_AUTH_AZUREAD_AUTH_URL: " (tenant-id)/oauth2/v2.0/authorize"
GF_AUTH_AZUREAD_TOKEN_URL: " (tenant-id)/oauth2/v2.0/token"
GF_AUTH_AZUREAD_SCOPES: "openid email profile"
  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

  • Did you follow any online instructions? If so, what is the URL?
    I’ve followed the official tutorial.

You could remove the environmental variable and try again. Better turn on debug level in log config.