osTicket Version: v1.17 (1d8b790)
Web Server: Apache/2.4.38 (Debian)
Current Setup: [VM hosting osTicket] <> [Windows Server 2016 IIS] <> [CLIENTS]
I have osTicket running in a Debian VM, that I access via a reverse proxy through IIS. osTicket is set up via HTTP only, and I have a certificate set up on IIS that everyone accesses the site through. Up until trying to use OAUTH, I haven't had any issues. Unless specified below, all access to the site is via the reverse proxy, not direct.

After installing the OAUTH plugin, I had a really hard time trying to get login authentication working. I would click on the "Sign in with Azure" link, but it kept going to https://[my.domain.com]/{rest of URL} instead of https://login.microsoftonline.com/{rest of URL}. If I browsed directly to the VM, it worked as expected. I was able to determine that it was a rewrite issue, and after much searching, I found that I had to install the "Application Routing Request" application, and from there disable the "Reverse rewrite host in response headers" option. Now I can log in to osTicket via Azure.

Now I am trying to set up my e-mail via OAUTH. If I click on the Config button in the e-mail setup, all I get is a thin white box. It won't disappear until I reload the page.

If I access the site directly, clicking Config goes to the Microsoft login page, and upon entering in the e-mail account, it comes up to the "Approval required / unverified / This app requires your admin's approval" screen. I enter in the reason, and then I approve the request via my Azure admin account. However, even after approving the request, it keeps asking over and over for approval and doesn't go any further. Additionally, if I try using my Azure admin account to log in rather than the e-mail, I get the "Permissions requested / osTicket / unverified / This application is not published by Microsoft / Give Consent" form. Even after giving consent, it just goes back to the osTicket customer login page, and re-running the Config just starts over at square one.

Has anyone run into this particular issue yet?

Unfortunately giving users the ability to consent on behalf of the organization does not work. It still goes as follows:

Access osTicket site via IP > Email > Config > Fill out Microsoft login > Accept Permissions > Goes back to osTicket Main Page via Proxy URL

Clicking the Config button when accessing the site via Proxy returns this

I was able to successfully configure an e-mail account by brute force.

-I connected to the site via IP
-I changed the Redirect URI to the IP of the server using HTTPS (which isn't configured on the server)(https://0.0.0.0/api/auth/oauth2)
-I added the URL to Azure
-I went through the config process. When it returns, the page fails to load due to not having HTTPS on. I changed the URL in the browser to HTTP, and it uploaded the token to osTicket
-osTicket imported the pending mail

How can I help the developers rectify this issue?

Unfortunately it seems like my luck didn't last. The e-mail did not pull a new token, and I am no longer able to pull e-mail into osTicket.

It has to be some sort of rewrite issue, but I'm not sure where to look?