I hope someone can help with this. We've been struggling to get modern authentication working correctly, and our engineer upgraded our install to V1.17.2 in an attempt to get this working. When we now try to configure either incoming or outgoing email, we get this:

We have tried to create a new OAuth plugin but get the same result. Has anyone come across this or have any suggestions as to how we can progress?

Kind Regards

Pete

    Kevin,
    To add new email I need to move the default email to it. I cannot see the save option in my view.

    As you can see I cannot change away from default email as I have no way to save the options.

    Hi Kevin,
    Issue above has been resolved by another one of your posts, using the method of deleting rogue entries from table ost_email_account. Now working on OAuth2, hoping to get the email fetch back up and running.

    Hi, I managed to save the settings and authenticate. However, we are still not seeing the emails being processed.
    Server logs indicated the following.

    Can you please advise if there is something we can do to make this work.

      macsoluk

      You will need to check your cron job. Make sure it's using the appropriate PHP version, etc. You can also run it manually on the server to see if it's kicking back any errors. Additionally, you can set your osTicket Default Log Level to DEBUG, run the cron, and check the osTicket System Logs for any related errors.

      Cheers.

      Hi @KevinTheJedi ,

      Actually our OAuth2 is not set up correctly. My issue is that I never see the "success screen" when saving the credentials. We never get redirected. If I manually click "Back to App", I go to osTicket's home page front. I don't see the "token" tab either. Since not seeing any errors, I wrongly assumed we had authorised successfully.

        macsoluk

        Then you will need to post a screenshot of your App Registration (censor any sensitive info).

        Cheers.

        macsoluk

        So, a little excessive on the API Permissions but that's fine as all the ones we need are enabled and the Admin has granted consent. The Redirect URI should be of type Web and should match what is in osTicket email config Redirect URI field (which appears to be). The Client ID is the Application (client) ID from the Overview tab. The Client Secret is the Value for the Secret you created. Lastly, the Endpoints should be the first two URIs in the Endpoints blade that appears when clicking the Endpoints button at the top of the Overview tab.

        All the rest of the osTicket email config stays default (Resource Details Endpoint, Scopes, and Email Address Attribute); which looks like it is from your screenshot. Once you fill all that out correctly, you need to submit the popup, login as the email you are trying to configure in the helpdesk, and click Accept on the consent screen. After this you should be redirected to osTicket with a success banner. Once you see the success banner click the Config button again and you should see a new tab called Token with the relevant Token information.

        Cheers.

        macsoluk

        If that doesn't redirect you then you can add a random scope like https://outlook.office.com/Imap.AccessAsUser.All to the Scopes and click Submit to invalidate the current config. This should force a redirect to MS to login as the config has changed.

        Cheers.

          KevinTheJedi
          Kevin,
          We are getting redirected to MS correctly; this is the part that does not succeed.
          "After this you should be redirected to osTicket with a success banner. Once you see the success banner click the Config button again and you should see a new tab called Token with the relevant Token information."

          We never see the success banner. I see the following.

          Nothing happens until I click Back to App.
          When I click Back to App, I see below.

          Once I go back and sign in as admin, I see no token tab.

            macsoluk

            If you have to request admin consent then it breaks the auth flow and we never get a token. This is also why it goes back to the client portal because it doesn’t know what to do. You will need to either allow Users to consent themselves or allow global consent via Registered Applications > click app > Permissions > click Grant Admin Consent, then you will need to wait 15 minutes and resubmit the popup.

            Cheers.

            Hi Kevin,

            Thank you for this. We managed to get this working by making the support user a global admin. However, we are facing a new challenge now. As soon as the permissions are reverted the emails stop fetching. I am sure you would understand that we cannot leave this user as global admin indefinitely due to cyber security concerns.
            Can you please advise.

              macsoluk

              Please read my previous response. I gave you two options that do not require global admin privileges.

              Cheers.

              Hello Kevin,

              We did try those but it did not work for us; we were still getting an admin prompt. However, I can now confirm that the system appears to be working even though the user permissions are changed now. Application continues to work as the permissions were originally granted under global admin.
              Thank you for your help 🙂
