diff --git a/config/http_config.go b/config/http_config.go
index 71280746..b98ff7cb 100644
--- a/config/http_config.go
+++ b/config/http_config.go
@@ -210,6 +210,15 @@ func (c *HTTPClientConfig) Validate() error {
 		if c.BasicAuth != nil {
 			return fmt.Errorf("at most one of basic_auth, oauth2 & authorization must be configured")
 		}
+		if len(c.OAuth2.ClientID) == 0 {
+			return fmt.Errorf("oauth2 client_id must be configured")
+		}
+		if len(c.OAuth2.ClientSecret) == 0 && len(c.OAuth2.ClientSecretFile) == 0 {
+			return fmt.Errorf("either oauth2 client_secret or client_secret_file must be configured")
+		}
+		if len(c.OAuth2.TokenURL) == 0 {
+			return fmt.Errorf("oauth2 token_url must be configured")
+		}
 		if len(c.OAuth2.ClientSecret) > 0 && len(c.OAuth2.ClientSecretFile) > 0 {
 			return fmt.Errorf("at most one of oauth2 client_secret & client_secret_file must be configured")
 		}
diff --git a/config/http_config_test.go b/config/http_config_test.go
index 173bf870..aff3b8a2 100644
--- a/config/http_config_test.go
+++ b/config/http_config_test.go
@@ -107,6 +107,18 @@ var invalidHTTPClientConfigs = []struct {
 		httpClientConfigFile: "testdata/http.conf.oauth2-secret-and-file-set.bad.yml",
 		errMsg:               "at most one of oauth2 client_secret & client_secret_file must be configured",
 	},
+	{
+		httpClientConfigFile: "testdata/http.conf.oauth2-no-client-id.bad.yaml",
+		errMsg:               "oauth2 client_id must be configured",
+	},
+	{
+		httpClientConfigFile: "testdata/http.conf.oauth2-no-client-secret.bad.yaml",
+		errMsg:               "either oauth2 client_secret or client_secret_file must be configured",
+	},
+	{
+		httpClientConfigFile: "testdata/http.conf.oauth2-no-token-url.bad.yaml",
+		errMsg:               "oauth2 token_url must be configured",
+	},
 }
 
 func newTestServer(handler func(w http.ResponseWriter, r *http.Request)) (*httptest.Server, error) {
diff --git a/config/testdata/http.conf.oauth2-no-client-id.bad.yaml b/config/testdata/http.conf.oauth2-no-client-id.bad.yaml
new file mode 100644
index 00000000..73b20b85
--- /dev/null
+++ b/config/testdata/http.conf.oauth2-no-client-id.bad.yaml
@@ -0,0 +1,3 @@
+oauth2:
+  client_secret: "mysecret"
+  token_url: "http://auth"
diff --git a/config/testdata/http.conf.oauth2-no-client-secret.bad.yaml b/config/testdata/http.conf.oauth2-no-client-secret.bad.yaml
new file mode 100644
index 00000000..774a5998
--- /dev/null
+++ b/config/testdata/http.conf.oauth2-no-client-secret.bad.yaml
@@ -0,0 +1,3 @@
+oauth2:
+  client_id: "myclientid"
+  token_url: "http://auth"
diff --git a/config/testdata/http.conf.oauth2-no-token-url.bad.yaml b/config/testdata/http.conf.oauth2-no-token-url.bad.yaml
new file mode 100644
index 00000000..a99a2c02
--- /dev/null
+++ b/config/testdata/http.conf.oauth2-no-token-url.bad.yaml
@@ -0,0 +1,3 @@
+oauth2:
+  client_id: "myclientid"
+  client_secret: "mysecret"
diff --git a/config/testdata/http.conf.oauth2-secret-and-file-set.bad.yml b/config/testdata/http.conf.oauth2-secret-and-file-set.bad.yml
index d9fc6f84..1c453cd6 100644
--- a/config/testdata/http.conf.oauth2-secret-and-file-set.bad.yml
+++ b/config/testdata/http.conf.oauth2-secret-and-file-set.bad.yml
@@ -1,3 +1,5 @@
 oauth2:
+  client_id: "myclient"
   client_secret: "mysecret"
   client_secret_file: "mysecret"
+  token_url: "http://auth"