Mitchell-GMIC I realized I must have only had a partial install or something because none of the .htaccess files were present in my web server, however they are present in my local copy of the folders. When I added the .htaccess file to the api folder I now get a different error:

This is coming up after I have logged in to Office 365.

The URL bar shows this: https://helpdeskfancyurl.com/api/auth/oauth2?error=invalid_request&error_description=AADSTS50194%3a

So when researching what that error means, it appears Microsoft says I need to configure my app registration as multi-tenant. I am all sorts of confused here. Any help would be appreciated. If it is best to split this off in to another thread let me know and I would be happy to do that as well.

      Mitchell-GMIC

      Are you trying to setup a personal email address or a business account one with a custom domain tenant? After fighting with MS for almost a month they finally told me that they do not allow OAuth2 support with personal emails unless you setup a custom domain and a new tenant reflecting that.

      Cheers.

        rjkunde I'm getting the same error also with IIS. I have the URL Rewrite module installed but no rules.

          @ntozier

          Any thoughts here? I know normal API requests work on IIS so any reason why new API urls (using same base url) wouldn't work?

          Cheers.

          I'm a new user to osTicket and huge thank you to those supporting it. I am having an error when trying to get a token with oauth2 plugin. I go through setting up the app registration in azure, copied the application id, registration token, granted permissions for the graph api's in KevinTheJedi's instructions (followed them to a T). The error i'm getting is "No input file specified" when requesting a token. I have apache2, rewrite engine on, allowoverride all etc. I am running the latest 17RC4 with the newest plugin for oath2. I even added the directives for rewrite engine on and allowoverride all in the global config. If you have any ideas please help - I've searched all over for fixes and have been working on it for quite a while.

            jiggs
            These settings have worked for me, if you still have an issue, you should open your own thread and post your server setup details

            email Address Attribute part, you have different, based on your AD settings

            Client Id: *
            IdP Client / Application Identifier

            Client Secret:
            IdP Client Secret

            Scopes: *
            Comma or Space separated scopes depending on IdP requirements
            offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send

            Authorization Endpoint: *
            Authorization URL
            https://login.microsoftonline.com/common/oauth2/v2.0/authorize

            Token Endpoint: *
            Access Token URL
            https://login.microsoftonline.com/common/oauth2/v2.0/token

            Resource Details Endpoint: *
            User Details URL
            https://outlook.office.com/api/v2.0/me

            Email Address Attribute: *
            Please consult your provider docs for the correct attribute to use
            emailAddress

            Callback Endpoint: *
            Redirect Uri
            https://YourSupportTicketAddress.com/api/auth/oauth2

              jiggs

              You definitely don’t have URL Rewriting enabled properly. Please review Apache documentation on how to enable URL Rewriting. Once you make the change you must restart Apache.

              Cheers.

                4 days later

                @JeffAv No luck on my end yet. I'm going to try what @KevinTheJedi said and manually create the rules present in \osticket\api as rules in IIS. Please do let me know if you find a way around this.

                  rjkunde
                  Compare the default web.config file with your web.config file and ensure you have the following section in it under the <system.webServer> section

                      <rewrite>
        <rules>
            <rule name="HTTP api" stopProcessing="true">
                <match url="^(.*/)?api/(.*)$" ignoreCase="true"/>
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile"
                        ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory"
                        ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}api/http.php/{R:2}"/>
            </rule>
            <rule name="Site pages" stopProcessing="true">
                <match url="^(.*/)?pages/(.*)$" ignoreCase="true"/>
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile"
                        ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory"
                        ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}pages/index.php/{R:2}"/>
            </rule>
            <rule name="Staff applications" stopProcessing="true">
                <match url="^(.*/)?scp/apps/(.*)$" ignoreCase="true"/>
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile"
                        ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory"
                        ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}scp/apps/dispatcher.php/{R:2}"/>
            </rule>
        </rules>
    </rewrite>

                  Hope that helps you.

                      mbanyard That was it! Thanks! My web.config file wasn't present at all. I copied one from a working osticket instance that we have in prod. Not sure how this didn't make it into the dev install.

                      Now on to a new error:
                      cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/{TOKEN-REMOVED}/oauth2/v2.0/token

                          rjkunde

                          You are having certificate issues (maybe self-signed cert or something). You need to follow the link in the error and look for possible resolutions.

                          Cheers.

                            The server has a valid Let's Encrypt cert. Verified w/ multiple browsers. Unclear why this error is happening. The links are to the libcurl docs, which state: The remote server's SSL certificate or SSH fingerprint was deemed not OK.

                            If I find anything I'll post more info.

                            Looks potentially related to not sending intermediate certs. Not sure if I have to set certificate paths in PHP, I thought ACME/Let's Encrypt handled it. Still looking.

                            rjkunde

                            What versions do you have installed?

                            • osTicket
                            • oauth2 Plugin
                            • PHP

                            Are you running the phar version of the oauth2 plugin?

                            Also try rebooting the server or running IISRESET from an elevated PowerShell prompt

                              Rebooted server, no change: invalid_client
                              Versions:
                              osTicket (v1.17-rc4)
                              Oauth2 Client 0.3
                              PHP 8.1.10
                              Windows Server 2019 Standard
                              IIS 10.0.17763.1

                              Not sure on phar or not, I didn't actually install the plugin, someone else did. I can confirm though.

                              Ah, the plugin is now on v0.6
                              Please update it and test again.

                              So latest plugin version seems to be 0.5, and we're using the phar version. But using the new plugin throws a 500 and the modal window doesn't populate. To get 0.6, do I need to compile myself from the github repo?

                              Any ideas?