Hi guys,
Any ideas on this error?
OAuth2 Microsoft Not Working
Hi Guys,
found the issue for the email mismatch
Cookies from the browser. 
4 days later
any working instructions for setting up OAuth2 Microsoft ? (running v1.17-rc3)
5 days later
Hello is there already a plan when the RC4 comes?
OSticket details:
Need help As Office365 team announces that IMAP+SSL, setting ended this OCT 22. Also found that GMAIl too, ended the 3rd party around May 22. Pls share, if new guide for email setting for OSticket using Office365.
9 days later
Is there a way to get things working with self signed certs for an intranet? This is a curl error I believe, I've tried to add the cert to the php.ini file, but I don't think that is the right location then.
You can go to the link in the error and it should explain how to address the issue. cURL issues are typically easy to fix thankfully.
Cheers.
Hello... I followed all the instructions, and allow in the authorization window the account and permissions do not error for the Microsoft side. But in OST appears an "invalid client" error. I double checked the info, and even put a wrong client id for testing (and Microsoft windows show error " Application with identifier 'xxxxx-xxx-xxx-xxxx' was not found in the directory" so I'm sure the "client Identifier" is well...
osTicket (v1.17-rc4) on centos 8
Please post a screenshot of the OAuth2 information you are using. Please make sure to censor things like the client secret, client id, tenant id, etc.
Cheers.
KevinTheJedi Hi!
screenshot OST
screenshot Azure app
- Edited
I guess you didn't read the post I linked above with full instructions. Your Resource Details Endpoint is incorrect. You should be using the v2.0 outlook api url https://outlook.office.com/api/v2.0/me. Please make sure you download and install the latest build of the OAuth2 plugin from our website.
Also, your scopes are wrong. You need to use the outlook scopes of offline_access https://outlook.office.com/Mail.ReadWrite.
Cheers.
BrunoLopes Did you manage to solve it? I tried with incognito, but I still get that Email Mismatch.
To get that error, I log into a shared mailbox after it asks me to sign with an admin account to authorize the access to the organisation.
- Edited
KevinTheJedi I made the changes, but still in "invalid client".. I download and reinstall the plugin with the same result
edit:
I made a fresh install, without de data of the old OST, and work... so something about the original OST is broken...
- Edited
Did you enable and consent to the needed scopes in your Azure App? Please go back to my linked guide and follow all the steps.
Cheers.
lupo_gris
These settings have worked for me
email Address Attribute part, you have different, based on your AD settings
Client Id: *
IdP Client / Application Identifier
Client Secret:
IdP Client Secret
Scopes: *
Comma or Space separated scopes depending on IdP requirements
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
Authorization Endpoint: *
Authorization URL
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Token Endpoint: *
Access Token URL
https://login.microsoftonline.com/common/oauth2/v2.0/token
Resource Details Endpoint: *
User Details URL
https://outlook.office.com/api/v2.0/me
Email Address Attribute: *
Please consult your provider docs for the correct attribute to use
emailAddress
Callback Endpoint: *
Redirect Uri
https://YourSupportTicketAddress.com/api/auth/oauth2
- Edited
Our token expired and app won't fetch emails. So, app should have extra permissions in Azure App? Anyway, on SMTP configuration token is valid.
Update: After go to setting token and click on confirm, token refresh and valid but still main won't fetch emails form Inbox.
I tried with plugin version 0.3 and the redirect url does not work. it just redirects to the homepage when authenticating.
Version 0.5 does not open configuration, just a blank popup.
Any here with a working version?
sander4000
Check the network traffic with the developer tools (usually "F12"). Sometimes it shows you the error as soon as you got redirected.
KevinTheJedi yes, all configuration are correct... in a fresh ost (without data) works perfectly... I made a pre version upgrade (1.14 - 1.16) and from 1.16 to 1.17 and the OST with data works.. thanks a lot for the help
Is the scope of what is being worked on just generating the token? Is fetching and sending mail also implemented?
Of course. We completely changed the package for mail from PEAR to Laminas-Mail which supports Modern Auth.
Cheers.
I must be missing something. I'm on 1.17rc4 and this is what I'm seeing:
fyi for this issue, our organization was doing something weird with our firewall and SSL certs. After going around that everything worked. thanks
You have cURL issues on your server. Please follow the link displayed in the error to review the possible resolutions. this is outside the scope of osTicket software.
Cheers.
I have no idea why; I am unable to replicate this..
Are you using a test application? Are you sure you set the token expiration to a long period of time?
Cheers.
update: so the curl error was because of having "organizations" in the urls, changed them to "common" and now it appears to do nothing when saving the config, it just dumps me back to the login screen of the ticket system.
- Edited
Then that most likely needs you don’t have URL Rewriting enabled on your web server. Or maybe wrong endpoints. You need to go to app reg, click the app, click Overview, and click endpoints. You need to use the first two URLs (Authorization v2 and Token v2).
Cheers.
Hi,
We have a test app on 17 RC4
I didn't change token expiration yet, but today morning I noticed:
- mails from Inbox didn't fetch
- one of ticket had a time of 'last Update' about 02 AM
- token are valid IMAP and SMTP
So I made:
- go to AOuth2 MS Remote Mailbox, IdP config and click on 'Submit'
- and that same Remote Mailbox disable 'Email Fetching' and click 'Save Changes', next enable 'Email Fetching' and click 'Save Changes'
After that mails fetch from Inbox.
Conclusion,
- why mails won't fetch byt one of ticket was update
- witch my actions cause fetch emails from Inbox
Sounds like you need a cron job to automatically poll emails. Then each time it fetches it will update the tokens.
Cheers.
6 days later
Thanks for your suggestions!
The last bit of my puzzle was about fetching messages, which simply needed to be scheduled by a Cron job.
Running "RC4"
I made a cron job, before a problems with fetch. Anyway problems gone 
but I still I don't know what cause resolve problem.
I've got all 3 of my installations updated and working fine following the guides however when the ticket is created for or by a Gmail user the replies are being blocked.
Our system has detected that this message is not
RFC 550-5.7.1 5322 compliant: duplicate headers. To reduce the amount of
spam sent 550-5.7.1 to Gmail, this message has been blocked. Please review
550 5.7.1 RFC 5322 specifications for more information.
Any ideas whats wrong?
Thank you
I've found the issue... Outgoing settings were disabled, the old port setting was 25. Changed to 587 and enabled. All is good.
[insert comical abuse here]
- Edited
Can someone please help me to setup Oauth2. I can't figure out what am I doing wrong.
This is my setup:
After I request the approval, it sends me back to osTicket log in page. Request is approved by admin, but nothing changes in osTicket.
I get this error and if I try to submit again it is still asking to request approval for the same things that are already approved.
Any ideas what should I check or if I am missing something?
Please follow the exact steps listed in the documentation here:
Also, you'll probably have better luck registering the app as Multi-Tenant.
Cheers.
I have this error when try to configure authentication
Double checked all settings, seems the token can't be redeemed, first part of getting authorization code works.
Can I have a detailed log to know what is the server response??
Thanks
It looks like you either didn’t use the correct endpoints or your connection is being refused. Double check your endpoints and make sure you are using the v2 Authorization/Token Endpoints. If all else fails contact Microsoft.
Cheers.
