Okta Integration with Grafana 7.3.4

Hi,

Could you please advise what is wrong and how to fix the following issue?

I upgraded Grafana to version 7.3.5 from 5.4.3 and it works well. But I failed to use the same Okta integration that I used for version 5.4.3.

My Grafana config is as follows, which is the same as before:
#################################### Okta OAuth #######################
[auth.okta]
name = Okta
enabled = true
allow_sign_up = true
client_id = {my client id}
client_secret = {my client secret}
scopes = openid profile email
auth_url = https://{my okta url}/oauth2/v1/authorize
token_url = https://{my okta url}/oauth2/v1/token
api_url = https://{my okta url}/oauth2/v1/userinfo
;allowed_domains =
;allowed_groups =
;role_attribute_path =

The only change was to update the Login redirect URI, for which I referred to Okta OAuth2 authentication | Grafana Labs,
from: http://{my base url}/login/generic_oauth
to: http://{my base url}/login/okta

I got the 400 BAD REQUEST error.

Browser logs are as follows:
GET https://{xxxx}.okta.com/oauth2/v1/authorize?access_type=online&client_id=&redirect_uri=http%3A%2F%2F{my base url}%2Flogin%2Fokta&response_type=code&scope=openid+profile+email&state=hLINyv8hjBFtTNXx1-JkG5bFRrX15XR7Yv-G9zB7zuA%3D 400

Grafana logs:
t=2021-02-05T09:06:45+0800 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/okta status=302 remote_addr=10.175.237.119 time_ms=0 size=306 referer=http://{my base url}/login

Hi,

I see that you are missing some information:

client_id = <okta application Client ID>
client_secret = <okta application Client Secret>

Have a look at this thread:

Good Luck

Thank you for the updates!

I intentionally removed that for security reasons. Sorry for the confusion!

The issue has been fixed.
It was found that the client id/secret was mismatched between my Grafana EC2 server and Okta server.

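A consistency check for the two things compared in this thread, the authorize request seen in the browser and the client ID held on each side, as an added example that is not from the original posts or from Grafana. The function name `check_authorize_request`, the hosts and the client ID are hypothetical, constructed values.

```python
import configparser
from urllib.parse import urlsplit, parse_qs

# Constructed sample config; not real credentials or hosts.
SAMPLE_INI = """
[auth.okta]
client_id = 0oaEXAMPLEclientid
scopes = openid profile email
auth_url = https://example.okta.com/oauth2/v1/authorize
token_url = https://example.okta.com/oauth2/v1/token
api_url = https://example.okta.com/oauth2/v1/userinfo
"""
# Constructed authorize request in the shape of the browser log above.
SAMPLE_URL = (
    "https://example.okta.com/oauth2/v1/authorize?access_type=online&client_id="
    "&redirect_uri=http%3A%2F%2Fgrafana.example.com%2Flogin%2Fokta"
    "&response_type=code&scope=openid+profile+email&state=constructed"
)

def check_authorize_request(ini_text, authorize_url, okta_client_id):
    """List mismatches between grafana.ini, the browser's authorize
    request, and the client ID shown in the Okta application."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    okta = cfg["auth.okta"]
    url = urlsplit(authorize_url)
    q = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    problems = []
    sent_id = q.get("client_id", "")
    if not sent_id:
        problems.append("client_id is empty in the authorize request")
    elif sent_id != okta.get("client_id", ""):
        problems.append("client_id in request differs from grafana.ini")
    if okta.get("client_id", "") != okta_client_id:
        problems.append("grafana.ini client_id differs from the Okta application")
    redirect = urlsplit(q.get("redirect_uri", ""))
    if not redirect.path.endswith("/login/okta"):
        problems.append("redirect_uri does not end in /login/okta")
    if redirect.scheme != "https":
        problems.append("redirect_uri is not https; the code travels in cleartext")
    if set(q.get("scope", "").split()) != set(okta.get("scopes", "").split()):
        problems.append("scope differs from grafana.ini scopes")
    hosts = {urlsplit(okta.get(k, "")).netloc for k in ("auth_url", "token_url", "api_url")}
    if len(hosts) != 1 or url.netloc not in hosts:
        problems.append("auth_url/token_url/api_url hosts are inconsistent")
    return problems
```

Compare only the client ID this way; the client secret should stay out of scripts and logs and be re-entered from the Okta application if a mismatch is suspected.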