login.OAuthLogin(missing saved state) - Community version of grafana with OKTA integration

Hi

I’m trying to configure Community edition Grafana(official docker image) with Okta integration.

After doing Okta configuration, Okta authenticates and redirect request to grafana, where I hosted it, But, it shows following error:

login.OAuthLogin(missing saved state)

I’m not using any database for storing sessions. I want to save it on local file only.
In container, I can see sessions folder created: /var/lib/grafana/sessions/ and some files are created.

Few of the configurations I’m setting:
GF_AUTH_ANONYMOUS_ENABLED: “false”
GF_SERVER_ROOT_URL: “https://”
GF_AUTH_OAUTH_AUTO_LOGIN: “true”
GF_AUTH_GENERIC_OAUTH_NAME: “Okta”
GF_AUTH_GENERIC_OAUTH_ENABLED: “true”
GF_AUTH_GENERIC_OAUTH_SCOPES: “groups”
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: “my_client_id”
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: “some_secret”
GF_AUTH_GENERIC_OAUTH_AUTH_URL: “url”
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: “url”
GF_AUTH_GENERIC_OAUTH_API_URL: “url”
GF_SESSION_COOKIE_SECURE: “true”

Please suggest.

I followed everything from there. But, got the issue which I reported.

App is going to Okta for authenticating. Okta sends back to Grafana app. Then issue comes up.

Why did you use groups scope? Check logs, pls.

Other scopes were not working.

Logs:
t=2019-10-01T03:51:19+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.51.65.210 time_ms=2 size=29 referer=

t=2019-10-01T03:51:19+0000 lvl=info msg=“OAuth auto login enabled. Redirecting to /login/generic_oauth”

t=2019-10-01T03:51:19+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login status=307 remote_addr=10.51.65.210 time_ms=3 size=56 referer=

t=2019-10-01T03:51:20+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.51.65.210 time_ms=1 size=296 referer=

t=2019-10-01T03:51:21+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=2 size=1742 referer=

t=2019-10-01T03:51:23+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=2 size=1742 referer=

t=2019-10-01T03:51:39+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.51.65.210 time_ms=0 size=29 referer=

t=2019-10-01T03:51:40+0000 lvl=info msg=“OAuth auto login enabled. Redirecting to /login/generic_oauth”

t=2019-10-01T03:51:40+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login status=307 remote_addr=10.51.65.210 time_ms=2 size=56 referer=

t=2019-10-01T03:51:40+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.51.65.210 time_ms=0 size=296 referer=

t=2019-10-01T03:51:41+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=1 size=1742 referer=

t=2019-10-01T03:52:00+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/ status=302 remote_addr=10.51.65.210 time_ms=1 size=29 referer=

t=2019-10-01T03:52:01+0000 lvl=info msg=“OAuth auto login enabled. Redirecting to /login/generic_oauth”

t=2019-10-01T03:52:01+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login status=307 remote_addr=10.51.65.210 time_ms=2 size=56 referer=

t=2019-10-01T03:52:01+0000 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=302 remote_addr=10.51.65.210 time_ms=1 size=296 referer=

t=2019-10-01T03:52:01+0000 lvl=eror msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/login/generic_oauth status=500 remote_addr=10.51.65.210 time_ms=0 size=1742 referer=

Hey,

I have the same issue but just with Okta, what should I add in my config to fix this :

[auth]
disable_login_form = true
oauth_auto_login = true
login_cookie_name = grafana_session
oauth_state_cookie_max_age = 60
[security]
cookie_secure = true
cookie_httponly = true
cookie_samesite = strict

Any help would be appreciated.

Thanks.