OAuth2 Secret store does not work

[mimez]

Relevant telegraf.conf

[agent]
  omit_hostname=true

[[outputs.file]]
  files = ["stdout"]

[[secretstores.oauth2]]
  id = "secretstore"
  service = "auth0"
  token_endpoint = "https://api.enphaseenergy.com/oauth/token"

  [[secretstores.oauth2.token]]
    key = "mytoken"
    client_id = "XXX"
    client_secret = "XXX"

    [secretstores.oauth2.token.parameters]
      grant_type = "authorization_code"
      redirect_uri = "https://api.enphaseenergy.com/oauth/redirect_uri"
      code = "XXX"
      audience = "https://api.enphaseenergy.com/oauth/redirect_uri"

Logs from Telegraf

2024-06-18T19:18:03Z I! Loading config: telegraf.conf
panic: assignment to entry in nil map

goroutine 1 [running]:
net/url.Values.Add(0x140001b9558?, {0x140026d8f40?, 0x140020fea98?}, {0x140026b2be9, 0x12})
	net/url/url.go:909 +0x48
github.com/influxdata/telegraf/plugins/secretstores/oauth2.(*OAuth2).Init(0x140026be380)
	github.com/influxdata/telegraf/plugins/secretstores/oauth2/oauth2.go:140 +0xa54
github.com/influxdata/telegraf/config.(*Config).addSecretStore(0x140026c7080, {0x140026d8d40, 0x6}, 0x140026ba780)
	github.com/influxdata/telegraf/config/config.go:910 +0x2d4
github.com/influxdata/telegraf/config.(*Config).LoadConfigData(0x140026c7080, {0x140026de000?, 0x0?, 0x140020ff208?})
	github.com/influxdata/telegraf/config/config.go:686 +0xe60
github.com/influxdata/telegraf/config.(*Config).LoadConfig(0x140026c7080, {0x16f13b7ea, 0xd})
	github.com/influxdata/telegraf/config/config.go:464 +0x15c
github.com/influxdata/telegraf/config.(*Config).LoadAll(0x140026c7080, {0x140026d6ba0?, 0x1000108?, 0x10ee94648?})
	github.com/influxdata/telegraf/config/config.go:473 +0x58
main.(*Telegraf).loadConfiguration(0x140022591e0)
	github.com/influxdata/telegraf/cmd/telegraf/telegraf.go:308 +0x388
main.(*Telegraf).Run(0x140022591e0)
	github.com/influxdata/telegraf/cmd/telegraf/telegraf_posix.go:14 +0x8c
main.runApp.func1(0x140026c0180)
	github.com/influxdata/telegraf/cmd/telegraf/main.go:251 +0x988
github.com/urfave/cli/v2.(*Command).Run(0x140026c6f20, 0x140026c0180, {0x14000146050, 0x5, 0x5})
	github.com/urfave/cli/v2@v2.27.1/command.go:279 +0x71c
github.com/urfave/cli/v2.(*App).RunContext(0x1400161ea00, {0x109fa1900, 0x10e951f40}, {0x14000146050, 0x5, 0x5})
	github.com/urfave/cli/v2@v2.27.1/app.go:337 +0x514
github.com/urfave/cli/v2.(*App).Run(...)
	github.com/urfave/cli/v2@v2.27.1/app.go:311
main.runApp({0x14000146050, 0x5, 0x5}, {0x109f225f8, 0x14000148010}, {0x109f40cb8, 0x140001b9138}, {0x109f40ce0, 0x14002259340}, {0x109fa17b0, ...})
	github.com/influxdata/telegraf/cmd/telegraf/main.go:393 +0xe04
main.main()
	github.com/influxdata/telegraf/cmd/telegraf/main.go:407 +0xf0

System info

telegraf 1.31.0 on macos

Docker

No response

Steps to reproduce

1. build a telegraf.conf
2. execute telegraf (telegraf --debug --config telegraf.conf --once)

Expected behavior

either it should report an readable error or it should work

Actual behavior

a stack trace appears

Additional info

No response

[powersj]

Hi,

Can you try the artifacts in #15531 in 20-30mins? There will be a comment added by the Tiger bot with some artifacts you can download and let us know if it resolves the issue?

I was able to reproduce locally with your config (thank you) and once I made this change was able to start up successfully.

[mimez]

wow, you are blazing fast :-)

absolutely. i can check it. is there a macos version i can download?

[powersj]

Yep! Assuming you are on an Apple Silicon mac:

https://output.circle-artifacts.com/output/job/29f346ae-144b-47b2-8e0b-cfdb8f149f85/artifacts/0/build/dist/telegraf-1.32.0~2138e0fb_darwin_arm64.tar.gz

Here is the tiger bot comment with a full array of other downloads.

[mimez]

nice. the error is gone!! :-) unfortunately it still does not work, but i assume thats a configuration mistake (i guess the bearer token authentication with base64(id + secret) is the problem). i will check it out. thanks for your support!

[mimez]

okay, the problem is, that the oauth-endpoint expects a Bearer-Authentication-Token that consists of id:secret (base64). obviously telegraf does not provide this auth-header. any idea how to solve that issue?

[powersj]

@srebhan - can you comment on this tomorrow, thanks

[srebhan]

@mimez could you please open a feature request to add bearer-token auth?!