According to this, https://learn.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
since I am an educational user of osTicket and using Azure AD, I need a multi-tenant account type due to the usage of osTicket.
IT Admin handles the account type selection by policy. They selected "Single tenant". Looks like a reconfig is in order.
Thank you.
The documentation just shows an example. It's up to the person configuring the app to select the appropriate options for their org/tenant.
Cheers.
@KevinTheJedi
on my live server, I am getting Loading ... when I tried to save
any idea what's missing?
Check this post and see if it applies.
https://forum.osticket.com/d/101637-imap-fetching-microsoft-oauth2
KevinTheJedi
I think I needed to install
apt install php8.1-curl
Now I get this, which I am waiting on Microsoft why is it, I had the same issue with my test server
Then you are using a personal email that MS has stated they will not allow modern authentication for unless you add a custom domain and new tenant. You can reach out to MS to get a more detailed response on this.
Cheers.
KevinTheJedi
No, I am not using personal email, using Exchange Online license, this is something on the Microsoft side
KevinTheJedi
MS Azure support thinks it's Mailbox related error, so I have an MS365 ticket open now let's see if there is a fix
just note: is PHP8.1 supported on this version v1.17?
I am still seeing a spinning circle when trying to save Auth2, does this means the PHP version is not supported?:
PHP Fatal error: Uncaught Error: Call to a member function setConfigClass() on null in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php:592\nStack trace:\n#0 /var/www/osticket/public_html/include/class.email.php(675): GenericEmailOauth2Provider->getPluginInstance()\n#1 /var/www/osticket/public_html/include/ajax.email.php(26): EmailAccount->saveAuth()\n#2 /var/www/osticket/public_html/include/class.dispatcher.php(151): EmailAjaxAPI->configureAuth()\n#3 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#4 /var/www/osticket/public_html/include/class.dispatcher.php(120): Dispatcher->resolve()\n#5 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#6 /var/www/osticket/public_html/scp/ajax.php(326): Dispatcher->resolve()\n#7 {main}\n thrown in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php on line 592, referer: https://Mydomain.com/scp/emails.php?id=1
Yes PHP 8.1 is supported. That error means you need to delete the email and re-add it.
Also, when you get a fix from MS please let me know as a few others have run into this as well.
Cheers.
KevinTheJedi
MS365 saying it's an application issue
I have the case open, with Azure and MS365
As per the PHP error, I deleted the email and re-added and still gives the same error
=============================================
PHP Fatal error: Uncaught Error: Call to a member function setConfigClass() on null in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php:592\nStack trace:\n#0 /var/www/osticket/public_html/include/class.email.php(675): GenericEmailOauth2Provider->getPluginInstance()\n#1 /var/www/osticket/public_html/include/ajax.email.php(26): EmailAccount->saveAuth()\n#2 /var/www/osticket/public_html/include/class.dispatcher.php(151): EmailAjaxAPI->configureAuth()\n#3 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#4 /var/www/osticket/public_html/include/class.dispatcher.php(120): Dispatcher->resolve()\n#5 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#6 /var/www/osticket/public_html/scp/ajax.php(326): Dispatcher->resolve()\n#7 {main}\n thrown in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php on line 592, referer: https://Mydomain.com/scp/emails.php?id=1
=============================================
[Tue Oct 18 15:36:46.738362 2022] [php:error] [pid 19162] [client 50.206.10.142:17772] PHP Fatal error: Uncaught Error: Call to a member function setConfigClass() on null in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php:592\nStack trace:\n#0 /var/www/osticket/public_html/include/class.email.php(675): GenericEmailOauth2Provider->getPluginInstance()\n#1 /var/www/osticket/public_html/include/ajax.email.php(26): EmailAccount->saveAuth()\n#2 /var/www/osticket/public_html/include/class.dispatcher.php(151): EmailAjaxAPI->configureAuth()\n#3 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#4 /var/www/osticket/public_html/include/class.dispatcher.php(120): Dispatcher->resolve()\n#5 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#6 /var/www/osticket/public_html/scp/ajax.php(326): Dispatcher->resolve()\n#7 {main}\n thrown in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php on line 592, referer: https://Mydomain.com/scp/emails.php?id=1
I deleted the email and re-added still getting the same errors:
[Tue Oct 18 15:36:46.738362 2022] [php:error] [pid 19162] [client 50.206.10.142:17772] PHP Fatal error: Uncaught Error: Call to a member function setConfigClass() on null in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php:592\nStack trace:\n#0 /var/www/osticket/public_html/include/class.email.php(675): GenericEmailOauth2Provider->getPluginInstance()\n#1 /var/www/osticket/public_html/include/ajax.email.php(26): EmailAccount->saveAuth()\n#2 /var/www/osticket/public_html/include/class.dispatcher.php(151): EmailAjaxAPI->configureAuth()\n#3 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#4 /var/www/osticket/public_html/include/class.dispatcher.php(120): Dispatcher->resolve()\n#5 /var/www/osticket/public_html/include/class.dispatcher.php(38): UrlMatcher->dispatch()\n#6 /var/www/osticket/public_html/scp/ajax.php(326): Dispatcher->resolve()\n#7 {main}\n thrown in phar:///var/www/osticket/public_html/include/plugins/auth-oauth2.phar/oauth2.php on line 592, referer: https://Mydomain.com/scp/emails.php?id=1
[Tue Oct 18 15:42:40.676277 2022] [php:error] [pid 19158] [client 50.206.10.142:10178] PHP Fatal error: Uncaught Error: Call to undefined function ldap_connect() in phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/include/Net/LDAP2.php:433\nStack trace:\n#0 phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/include/Net/LDAP2.php(339): Net_LDAP2->performConnect()\n#1 phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/authentication.php(158): Net_LDAP2->bind()\n#2 phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/authentication.php(191): LDAPAuthentication->getConnection()\n#3 phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/authentication.php(430): LDAPAuthentication->authenticate()\n#4 /var/www/osticket/public_html/include/class.auth.php(341): StaffLDAPAuthentication->authenticate()\n#5 /var/www/osticket/public_html/scp/login.php(71): AuthenticationBackend::process()\n#6 {main}\n thrown in phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/include/Net/LDAP2.php on line 433, referer: https://Mydomain.com/scp/login.php
[Tue Oct 18 15:42:40.678325 2022] [php:error] [pid 19158] [client 50.206.10.142:10178] PHP Fatal error: Uncaught Error: Call to undefined function ldap_close() in phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/include/Net/LDAP2.php:701\nStack trace:\n#0 /var/www/osticket/public_html/include/pear/PEAR.php(755): Net_LDAP2->_Net_LDAP2()\n#1 [internal function]: _PEAR_call_destructors()\n#2 {main}\n thrown in phar:///var/www/osticket/public_html/include/plugins/auth-ldap.phar/include/Net/LDAP2.php on line 701, referer: https://Mydomain.com/scp/login.php
Of course they do. Tell them to tell us what the issue is and we can address it. Otherwise we are blind to the issue.
Then it probably didn't delete everything associated with the email for some reason. You can go to the database, delete the email in the ost_email table, delete the associated records in the ost_email_account table, and delete the associated records in the ost_config table with namespace of email.email_id.account.email_account_id. Where email_id is the email_id from the ost_email table and email_account_id is the id from the ost_email_account table.
Cheers.
Also, if it was an application issue then no one with O365 would be able to set this up which is not the case.
Cheers.
KevinTheJedi
I deleted and re-added back the email and tried again it gives the same error
I have got it to work by adding a support email address to Global Admin or Application Administrator Roles, which is a security risk, but this worked means something missing as per application requires permissions, not sure where Azure or O365
Based on docs this permission is not enough:
User.Read, offline_access, IMAP.AccessAsUser.All, POP.AccessAsUser.All, and SMTP.Send.
KevinTheJedi
My Solution at the moment is this: it's working fine since this morning
Adding permissions: User.Read, offline_access, IMAP.AccessAsUser.All, POP.AccessAsUser.All, and SMTP.Send.
and adding the App with the Cloud application administrator
I have enabled MFA on this account to protect an extra layer of security
This is my system info:
Oh yea as we currently have prompt=consent enabled so you must allow users to consent themselves. We are making this configurable in the next release.
Cheers.
I have setup OAuth2 but it is going for admin consent every time so not working to fetching the emails. Our Corporate IT manages the Azure so they followed the instructions on azure site as per OSTicket guide but it is creating this issue. Can i setup a call with OSTicket rep and our Corporate IT to fix it? It does not seem work this way since we are on different regions and I manage the OSTicket here locally and our Corporate IT has management of exchange and Azure. Please let me know how we can proceed?
You must allow users to consent themselves. You must also login as the email in order to authorize.
Cheers.
