bawalker

That’s fine. The redirect happens locally (in the browser) so as long as you can access it locally that’s good. All the URLs do have to match though. As in, the URL you are submitting the popup from, the URL in the email config, and the Redirect URL in the App Registration.

Cheers.

Thanks for the info on the redirect. The URI on osTicket, on Azure and what is being accessed in the browser physically from that server are all identical. However I did note that the server osTicket is on has a self-signed cert. When using Edge or Chrome to access, they complain about it not being secure and mark out the https, but still state there is a cert there. I take it that wouldn't make any difference?

I'm really scratching my head at this one....

    bawalker

    I don't think so.

    What you can do is Right Click + Inspect the page, and go to the Network tab before submitting the popup; make sure you select the option to Preserve Logs. Then you can go through the process and when you get redirected to osTicket check the responses from the requests to see if there are any errors being kicked back or something.

    Cheers.

    Thanks for that info. I've re-run the authorization process with the Inspect open and preserving the log. Should I be looking in the Headers, Response, Initiator, etc. tabs for any particular errors or somewhere specific?

      bawalker

      Also when it brings you back to osTicket without the banner try submitting the popup once more to see if you get an error or something.

      Cheers.

      I am looking at the "name" category and see the moment from where the request URL goes from Microsoft over to the internal LAN server. In fact the request URL is https://supportmaster/osticket/api/auth/oauth2?code=..... There is a status code of 302 (yellow) with no explicit errors.

      The next name column item is that it's showing the request URL of https://supportmaster/osTicket/scp/emails.php?id=5 which is when I assume it takes me back to the locally hosted osTicket email page where I was at originally. Status code is 200 (green).

      From that point it's a lot of jQuery, CSS, and site images logging those. So far I can't find anything explicit error-wise appearing.

        bawalker

        Hmmm, then it should be working. I’m honestly at a loss here. Can you login to the database, go to the email table, copy the ID for the email in question, go to the email_account table, and search for where the email_id is equal to the ID you copied? Once you do that post a screenshot of the records (censor any sensitive info - if any).

        Cheers.

        bawalker

        Okay, and is plugin_instance with ID of 9 the correct instance for this email? You can also go to the config table and look up WHERE namespace LIKE '%instance.9' and confirm all that information is correct. If not, you can set auth_bk and auth_id to NULL for the relevant email_account record and reconfigure the email's authentication.

        Also, the email config flow should be first input the hostname, port number, and protocol. Then you select OAuth2 - Microsoft for Authentication, then click Config, fill out the OAuth2 info, and click Submit in the popup.

        Cheers.

        I confirmed ost_plugin_instance 9 is the helpdesk@company.com (mailbox). However, there is an instance 7 that references the same email address, except for (smtp). See the screenshot:

        As for the namespace query, I got a syntax error when using the same command you shared.

        Let me know if I have the syntax wrong.

          Gotcha! SQL is one of my weak points. You can check over if I did run it right, but I didn't see any data fields for auth_bk or auth_id.

            bawalker

            That all looks fine...this is so strange.

            The auth_bk and auth_id columns are in the email_account table.

            Cheers.

            So I went into the email accounts table, set both values to NULL. Went into the email area and followed the flow you gave for setting up the account.

            When I clicked on submit for the OAuth data, the page just sat there saying "Loading" with the spinning circle. No interaction with the Microsoft page. So I refreshed the page, re-entered the OAuth values and the same thing happened again:

            I'm definitely at a loss here in getting this to work on the new OAuth2. Especially when others have been getting it working with far less effort.

              bawalker

              I would either check your logs for any related errors or delete the email and re-add it.

              Cheers.

              The system logs in osTicket don't show anything. Are there other logs stored directly to the server file system that I should check?

              I completely got rid of the old account in osTicket and set up a new email address/mailbox on Exchange for testing. Went through and set up a new OAuth2 in Azure following the directions exactly. I just wanted to rule out any other items and start fresh on that. This time when I go to submit the OAuth2, it takes me to the Microsoft portal, I log in with the new email address, grant the permissions. It takes me back to the osTicket page and beside the config button gives "invalid_client". (See screenshot)

              I decided to use the previous secret ID and application ID with the original email address and it also gives the same invalid client. I was thinking that it was referencing the application ID was wrong vs MS, but I'm not sure if that is what that error means.

                bawalker

                That means you have something configured incorrectly. I'd highly encourage you to follow the documentation below exactly as it states:

                Other than that you'll have to post screenshots of your app registration (all the relevant tabs/settings) as well as the IdP Config settings in osTicket. If you do upload screenshots, please censor any sensitive info.

                Cheers.

                  KevinTheJedi

                  Wanted to let you know I was finally able to get it working. I went back through after deleting the entire email account (in osTicket only) that was used for support emails. Recreated it and deleted the App Registration in Azure and recreated that as well.

                  I had deleted and recreated the App Registration several times and each time it hadn't worked in the past. However I found out what the issue was. During the steps when getting to add a client secret, I kept looking at the image in the tutorial and kept getting the "Secret ID" vs the "Value". I think that was because I tend to be a visual person and also kept associating the ID with the "Secret" one.

                  Regardless, I got it working and maybe as a point of reference if the tutorial is ever updated, maybe highlighting or circling the one for us visual folks could be a help, but certainly not a fault of osTicket by any means. 🙂

                  I have confirmed tickets are flowing through and everything is working perfectly with staff.
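
The root cause found in this thread (a secret's "Secret ID" pasted where its "Value" belongs, surfacing as invalid_client) can be caught before submitting the popup. The following is an added example, not part of the thread and not osTicket code: the dict layout, function names and sample values are assumptions, and it reads "all the URLs have to match" as an exact match between the two redirect URIs plus a same-origin check for the page the popup is submitted from.

```python
import re
from urllib.parse import urlsplit

# An app registration lists two fields per client secret: a GUID-shaped
# "Secret ID" and the "Value". Only the Value authenticates the client.
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def origin(url):
    """Scheme and host of a URL, lower-cased (both are case-insensitive)."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower())

def preflight(cfg):
    """Return findings for an OAuth2 mailbox config (hypothetical dict layout)."""
    findings = []
    if GUID.fullmatch(cfg["client_secret"].strip()):
        findings.append("client_secret is GUID-shaped: looks like the Secret ID, "
                        "not the Value; expect invalid_client")
    if not GUID.fullmatch(cfg["client_id"].strip()):
        findings.append("client_id is not a GUID: check the application ID")
    # Redirect URI entered in the helpdesk must equal the registered one exactly.
    if cfg["redirect_uri"] != cfg["registered_redirect_uri"]:
        findings.append("redirect_uri differs from the app registration")
    # The page the popup is submitted from must be on the same origin.
    if origin(cfg["page_url"]) != origin(cfg["redirect_uri"]):
        findings.append("popup page and redirect_uri are on different origins")
    return findings

# Constructed sample values, not taken from the thread.
SAMPLE = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",  # a Secret ID by mistake
    "redirect_uri": "https://helpdesk.example/api/auth/oauth2",
    "registered_redirect_uri": "https://helpdesk.example/api/auth/oauth2",
    "page_url": "https://helpdesk.example/scp/emails.php?id=5",
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print("FINDING:", finding)
```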
