gkowalski Where did you enable this? If it is the .htaccess which one or what directory does it go in? On the 365 side, which settings are needed? It would be helpful for some kind of documentation to be put together for how to do this, or if I can figure it out I would be happy to toss something together with a step-by-step.
Basic Authentication Retirement for legacy protocols in Exchange Online
- Edited
Mitchell-GMIC I realized I must have only had a partial install or something because none of the .htaccess files were present in my web server, however they are present in my local copy of the folders. When I added the .htaccess file to the api folder I now get a different error:
This is coming up after I have logged in to Office 365.
The URL bar shows this: https://helpdeskfancyurl.com/api/auth/oauth2?error=invalid_request&error_description=AADSTS50194%3a
So when researching what that error means, it appears Microsoft says I need to configure my app registration as multi-tenant. I am all sorts of confused here. Any help would be appreciated. If it is best to split this off in to another thread let me know and I would be happy to do that as well.
Are you trying to setup a personal email address or a business account one with a custom domain tenant? After fighting with MS for almost a month they finally told me that they do not allow OAuth2 support with personal emails unless you setup a custom domain and a new tenant reflecting that.
Cheers.
Any thoughts here? I know normal API requests work on IIS so any reason why new API urls (using same base url) wouldn't work?
Cheers.
I'm a new user to osTicket and huge thank you to those supporting it. I am having an error when trying to get a token with oauth2 plugin. I go through setting up the app registration in azure, copied the application id, registration token, granted permissions for the graph api's in KevinTheJedi's instructions (followed them to a T). The error i'm getting is "No input file specified" when requesting a token. I have apache2, rewrite engine on, allowoverride all etc. I am running the latest 17RC4 with the newest plugin for oath2. I even added the directives for rewrite engine on and allowoverride all in the global config. If you have any ideas please help - I've searched all over for fixes and have been working on it for quite a while.
jiggs
These settings have worked for me, if you still have an issue, you should open your own thread and post your server setup details
email Address Attribute part, you have different, based on your AD settings
Client Id: *
IdP Client / Application Identifier
Client Secret:
IdP Client Secret
Scopes: *
Comma or Space separated scopes depending on IdP requirements
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
Authorization Endpoint: *
Authorization URL
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Token Endpoint: *
Access Token URL
https://login.microsoftonline.com/common/oauth2/v2.0/token
Resource Details Endpoint: *
User Details URL
https://outlook.office.com/api/v2.0/me
Email Address Attribute: *
Please consult your provider docs for the correct attribute to use
emailAddress
Callback Endpoint: *
Redirect Uri
https://YourSupportTicketAddress.com/api/auth/oauth2
You definitely don’t have URL Rewriting enabled properly. Please review Apache documentation on how to enable URL Rewriting. Once you make the change you must restart Apache.
Cheers.
4 days later
@JeffAv No luck on my end yet. I'm going to try what @KevinTheJedi said and manually create the rules present in \osticket\api as rules in IIS. Please do let me know if you find a way around this.
rjkunde
Compare the default web.config file with your web.config file and ensure you have the following section in it under the <system.webServer> section
<rewrite>
<rules>
<rule name="HTTP api" stopProcessing="true">
<match url="^(.*/)?api/(.*)$" ignoreCase="true"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile"
ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory"
ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="{R:1}api/http.php/{R:2}"/>
</rule>
<rule name="Site pages" stopProcessing="true">
<match url="^(.*/)?pages/(.*)$" ignoreCase="true"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile"
ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory"
ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="{R:1}pages/index.php/{R:2}"/>
</rule>
<rule name="Staff applications" stopProcessing="true">
<match url="^(.*/)?scp/apps/(.*)$" ignoreCase="true"/>
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile"
ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory"
ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="{R:1}scp/apps/dispatcher.php/{R:2}"/>
</rule>
</rules>
</rewrite>Hope that helps you.
- Edited
mbanyard That was it! Thanks! My web.config file wasn't present at all. I copied one from a working osticket instance that we have in prod. Not sure how this didn't make it into the dev install.
Now on to a new error:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/{TOKEN-REMOVED}/oauth2/v2.0/token
You are having certificate issues (maybe self-signed cert or something). You need to follow the link in the error and look for possible resolutions.
Cheers.
The server has a valid Let's Encrypt cert. Verified w/ multiple browsers. Unclear why this error is happening. The links are to the libcurl docs, which state: The remote server's SSL certificate or SSH fingerprint was deemed not OK.
If I find anything I'll post more info.
Looks potentially related to not sending intermediate certs. Not sure if I have to set certificate paths in PHP, I thought ACME/Let's Encrypt handled it. Still looking.
- Edited
Resolved: cURL error 60: SSL certificate problem: unable to get local issuer certificate
Solution: Download https://curl.haxx.se/ca/cacert.pem (new CA list from CURL), place in:
Then add to PHP.ini, and reboot web server:
New error: invalid_client
Rebooted server, no change: invalid_client
Versions:
osTicket (v1.17-rc4)
Oauth2 Client 0.3
PHP 8.1.10
Windows Server 2019 Standard
IIS 10.0.17763.1
Not sure on phar or not, I didn't actually install the plugin, someone else did. I can confirm though.
You can follow this guide to make sure you did everything correctly:
Cheers.
Ah, the plugin is now on v0.6
Please update it and test again.
Thanks @mbanyard and @KevinTheJedi I'll try updating the client this afternoon and see what happens.