Hi everyone,
We're using the auth-oauth2 plugin in osTicket (v1.18.2) on IIS with Azure AD for OAuth2 login.
Both agents and users are successfully authenticated through OAuth2.
The issue is with HTTP Passthru authentication:
It works only for agents, because I created those accounts manually and explicitly set their username to match the Windows login (e.g., jdoe).
For end users, the accounts are created automatically during the first OAuth2 login. However, the plugin sets their email address (e.g., john.doe@example.com) as the username.
Since HTTP Passthru only checks for the Windows username (e.g., DOMAIN\jdoe), the auto-created users cannot be auto-logged in through HTTP Passthru.
If I manually edit the user's username field and replace the email address with their Windows login (e.g., jdoe), HTTP Passthru starts working immediately.
What I’ve tried:
I changed the configured attribute for the OAuth2 username field from userPrincipalName to sAMAccountName, hoping that the plugin would use that value instead. Unfortunately, the plugin continues to set the email address as the username during auto-creation and seems to ignore the configured username attribute.
Questions:
1) Is there a way to force the plugin to use a specific AD attribute (like sAMAccountName) as the username?
2) Can this mapping be configured properly somewhere in the plugin settings or code? It's possible for me to change code inside the .phar file if needed...
Any help or guidance would be very much appreciated!
Thank you in advance!
PS: I spent the last 3 days reading OAuth threads, searched Google a lot, and reverse engineered some files. Please excuse me if I missed something. Let me know if you need more information from me!