I've been working on this for a week now and have been trying everything I could think of to get Office 365 Oaut2 to work for email fetching. Following the official osTicket guide, I was able to configure an app and get things set up properly as instructed, but I kept getting an error 404 from my apache server when attempting to authenticate the email account. I thought the issues was related the the URL rewrite module for Apache not working, but I was able to confirm that it was enabled and working properly. That wasn't the problem. After tailing logs in live view, I started digging into the errors I was seeing and narrowed the issue down to the .htaccess file. The file provided in osTicket was correct, but I found the issue to be with the defualt Apache configuration and today, I got it resolved! The Apache config we had running here was blocking access to .htaccess files! Adding the following lines as found from this post from 2014 on github, everything worked! Screenshots are provided below.
For anyone interested, our setup is a VM of FreeBSD that runs as a reverse proxy. I set this up years ago following this guide but mine is running on a Hyper-V hypervisor so I used the instruction from that page as more of a guide. I also opted to use acme.sh over Certbot as we utilize Freedns for our owned domains. On another box I had available that was underutilized, I decided to build out a new osTicket server over upgrading the old one I had up and running. I figured I'd rather not break something that was working (outside of email fetching) if I could avoid it. This box has TrueNAS core running, and I created a Jail for a FAMP stack. I am using MariaDB, Apache, and PHP 8.0. Once I had this up and running with all necessary packages and updates applied, I installed osTicket 1.17 and imported my SQL backup of the existing system and restored it into the new server. After running the upgrade to the database, everything was up and running. Then I configured the email account in question and after making the changes referenced above, everything worked and I was able to authenticate! So for me, the issue was related to Apache blocking the .htaccess files.
I figured I'd share in case anyone else runs into a similar problem. Here is the apache config with the added lines highlighted:
Here is the NGINX Conf file that passes through traffic:
We are back up and running with full email functionality after a week of troubleshooting!
