Hi everyone, I seem to have discovered an issue with the OAuth2 plugin when using Azure AD.
I have noticed that unless the user is an admin or the tenancy has the option to require admin approval for apps disabled, the authentication fails due to the admin consent prompt being displayed for every authentication request, even after permission has been granted for the organisation.
The application audit logs in Azure show the message:
Activity: 'Add app role assignment grant to user'
Status: Failure
Searching around has led me to this post about a different application but the exact same behaviour - https://www.reddit.com/r/sysadmin/comments/m0qv4m/azure_application_consent_requests_failing_help/
Similar to the second comment on that thread, I have confirmed that the osTicket plugin is indeed sending the "&prompt=consent" attribute in the URL, which is causing Azure to seek admin approval every time, and removing it manually from the request enables the application to authenticate correctly as a standard user once admin approval has been granted for the organisation.
Is there any way to change the request that the plugin makes to exclude this?
Thanks
Gary
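
A way to check a captured authorization request for the behaviour described in the post (added example, not part of the original post and not the osTicket plugin's code). It parses the URL and drops only the `consent` token from `prompt`, which OpenID Connect defines as a space-delimited list; the function name, the sample URL and its TENANT_ID/CLIENT_ID placeholders are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample of an authorization request carrying prompt=consent.
SAMPLE_URL = (
    "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"
    "?client_id=CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Fhelpdesk.example%2Fcallback"
    "&scope=openid+profile&state=abc123&prompt=consent"
)


def strip_prompt_consent(auth_url):
    """Return (cleaned_url, removed) for an OAuth2 authorization request URL.

    Only the `consent` token is removed from `prompt`; other values such as
    `select_account` are kept, and every other parameter keeps its order.
    """
    parts = urlsplit(auth_url)
    kept = []
    removed = False
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "prompt":
            tokens = value.split()
            remaining = [t for t in tokens if t != "consent"]
            if len(remaining) != len(tokens):
                removed = True
                if not remaining:
                    # prompt held nothing but "consent": drop the parameter.
                    continue
                value = " ".join(remaining)
        kept.append((name, value))
    cleaned = urlunsplit(parts._replace(query=urlencode(kept)))
    return cleaned, removed


if __name__ == "__main__":
    url, changed = strip_prompt_consent(SAMPLE_URL)
    print("prompt=consent present:", changed)
    print(url)
```
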