Hmmm, then it should be working. Iām honestly at a loss here. Can you login to the database, go to the email table, copy the ID for the email in question, go to the email_account table, and search for where the email_id is equal to the ID you copied? Once you do that post a screenshot of the records (censor any sensitive info - if any).
Cheers.
@KevinTheJedi I checked the email table and the helpdesk@company.com address is ID 5. When I goto ost_email_account, the email_ID table there indicates ID 5 as well.
See the screenshots below....
Okay, and is plugin_instance with ID of 9 the correct instance for this email? You can also go to the config table and lookup WHERE namespace LIKE '%instance.9' and confirm all that information is correct. If not, you can set auth_bk and auth_id to NULL for the relevant email_account record and reconfigure the email's authentication.
Also, the email config flow should be first input the hostname, port number, and protocol. Then you select OAuth2 - Microsoft for Authentication, then click Config, fill out the OAuth2 info, and click Submit in the popup.
Cheers.
I confirmed ost_plugin_instance 9 is the helpdesk@company.com (mailbox). However, there is an instance 7 that references the same email address, except for (smtp). See the screenshot:
As for the namespace query, I got a syntax error when using the same command you shared.
Let me know if I have the syntax wrong.
Gotcha! SQL is one of my weak points. You can check over if I did run the it right, but I didn't see any data fields for auth_bk or auth_id
That all looks fine...this is so strange.
The auth_bk and auth_id columns are in the email_account table.
Cheers.
So I went into the email accounts table, set both values to NULL. Went into the email area and followed the flow you gave for setting up the account.
When I clicked on submit for the OAuth data, the page just sat there saying "Loading" with the spinning circle. No interaction with the Microsoft page. So I refreshed the page, re-entered the OAuth values and the same thing happened again:
I'm definitely at a loss here in getting this to work on the new Oauth2. Especially when others have been getting it working with far less effort.
I would either check your logs for any related errors or delete the email and re-add it.
Cheers.
The system logs in osTicket don't show anything. Are there other logs stored directly to the server file system that I should check?
I completely got rid of the old account in osTicket and setup a new email address/mailbox on Exchange for testing. Went through and setup a new OAuth2 in Azure following the directions exactly. I just wanted to rule out any other items and start fresh on that. This time when I go to submit the OAuth2, it takes me to the Microsoft portal, I log in with the new email address, grant the permissions. It takes me back to the osTicket page and beside the config button gives "invalid_client". (See screenshot)
I decided to use the previous secret ID and application ID with the original email address and it also gives the same invalid client. I was thinking that it was referencing the application ID was wrong vs MS, but I'm not sure if that is what that error means.
That means you have something configured incorrectly. I'd highly encourage you to follow the documentation below exactly as it states:
Other than that you'll have to post screenshots of your app registration (all the relevant tabs/settings) as well as the IdP Config settings in osTicket. If you do upload screenshots, please censor any sensitive info.
Cheers.
Wanted to let you know I was finally able to get it working. I went back through after deleting the entire email account (in osticket only) that was used for support emails. Recreated it and deleted the App Registration in Azure and recreated that as well.
I had deleted and recreated the App Registration several times and each time it hadn't worked in the past. However I found out what the issue was. During the steps when getting to add a client secret, I kept looking at the image in the tutorial and kept getting the "Secret ID" vs the "Value". I think that was because I tend to be a visual person and also kept associating the ID with the "Secret" one.
Regardless, I got it working and maybe as a point of reference if the tutorial is ever updated, maybe highlighting or circling the one for us visual folks could be a help, but certainly not a fault of osTicket by any means. 
I have confirmed tickets are flowing through and everything is working perfectly with staff.
oauth-scp-login-redirecting-to-client-page Only Problem is that any solutions?
