Spent quite a while trying to figure this out, from lifting generated urls from osticket to the azure app registered app to making changes to try and invoke different results.
So far, I have two different results:
updating the idp config takes me through the 365 login flow then at the end, takes me back to a white page with 404 Not Found with a URL that indicates that it would have been successful?
https://subdomain.TLD/api/auth/oauth2?code=<long string of code here>
idp config the URI / URL set as the following:
Redirect uri: https://subdomain.TLD/api/auth/oauth2
Authorization URL: https://login.microsoftonline.com/<azure-tenant-id>/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/<azure-tenant-id>/oauth2/v2.0/token
(the auth and access URLs were changed as 365 was complaining that I would need to use the tenant ones or switch the app to multi-tenant access)
User Details URL: https://graph.microsoft.com
Scopes: profile email
Azure App registration platform is set as 'Web application' with the redirect uri set
Api permissions: email profile IMAP.AccessAsUser.All User.Read User.ReadBasic.All offline_access
(added the extra permissions as a catch all)
Now if I change the Azure App registration platform from 'Web application' to 'Single-page application', again with the URI set as previously mentioned, then I get taken through the 365 login flow and right at the end get provided with this error:
Sorry, but we’re having trouble signing you in.
AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.
Nothing shows on the osticket system logs, and the app reg logs show success when the app is set as a 'web application' and log the above proof key error when set as a 'single-page application'
Hope this helps and we can find a resolution!
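As an added example (not osTicket's or Microsoft's own code), this is what a PKCE-enabled authorization-code client does with the endpoints and redirect URI from the post above: it sends a code_challenge on the authorize request and the matching code_verifier when redeeming the code, which is the proof that the AADSTS9002325 message refers to. The client id and state values are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoints/redirect URI from the post; tenant id is the post's placeholder, CLIENT_ID a constructed one.
TENANT_ID = "<azure-tenant-id>"
AUTHORIZE_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
REDIRECT_URI = "https://subdomain.TLD/api/auth/oauth2"
SCOPES = "profile email"
CLIENT_ID = "<application-client-id>"

def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = base64url(SHA-256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def new_pkce_pair() -> tuple:
    """Fresh random code_verifier (43 chars) and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)

def build_authorize_url(state: str, challenge: str) -> str:
    """Step 1: the URL the browser is sent to; the challenge is bound to the code."""
    params = {"client_id": CLIENT_ID, "response_type": "code",
              "redirect_uri": REDIRECT_URI, "scope": SCOPES, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return f"{AUTHORIZE_URL}?{urlencode(params)}"

def parse_callback(url: str, expected_state: str) -> str:
    """Step 2: accept the ?code= callback only on our redirect URI with our state."""
    parts = urlparse(url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected redirect URI")
    qs = parse_qs(parts.query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or stale login")
    return qs["code"][0]

def token_request_body(code: str, verifier: str) -> dict:
    """Step 3: form fields POSTed to TOKEN_URL; code_verifier is the proof that
    AADSTS9002325 says is required when the app is registered as an SPA."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}
```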