@ntozier

Any thoughts here? I know normal API requests work on IIS so any reason why new API urls (using same base url) wouldn't work?

Cheers.

I'm a new user to osTicket and huge thank you to those supporting it. I am having an error when trying to get a token with oauth2 plugin. I go through setting up the app registration in azure, copied the application id, registration token, granted permissions for the graph api's in KevinTheJedi's instructions (followed them to a T). The error i'm getting is "No input file specified" when requesting a token. I have apache2, rewrite engine on, allowoverride all etc. I am running the latest 17RC4 with the newest plugin for oath2. I even added the directives for rewrite engine on and allowoverride all in the global config. If you have any ideas please help - I've searched all over for fixes and have been working on it for quite a while.

    jiggs
    These settings have worked for me, if you still have an issue, you should open your own thread and post your server setup details

    email Address Attribute part, you have different, based on your AD settings

    Client Id: *
    IdP Client / Application Identifier

    Client Secret:
    IdP Client Secret

    Scopes: *
    Comma or Space separated scopes depending on IdP requirements
    offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send

    Authorization Endpoint: *
    Authorization URL
    https://login.microsoftonline.com/common/oauth2/v2.0/authorize

    Token Endpoint: *
    Access Token URL
    https://login.microsoftonline.com/common/oauth2/v2.0/token

    Resource Details Endpoint: *
    User Details URL
    https://outlook.office.com/api/v2.0/me

    Email Address Attribute: *
    Please consult your provider docs for the correct attribute to use
    emailAddress

    Callback Endpoint: *
    Redirect Uri
    https://YourSupportTicketAddress.com/api/auth/oauth2

      jiggs

      You definitely don’t have URL Rewriting enabled properly. Please review Apache documentation on how to enable URL Rewriting. Once you make the change you must restart Apache.

      Cheers.

        4 days later

        @JeffAv No luck on my end yet. I'm going to try what @KevinTheJedi said and manually create the rules present in \osticket\api as rules in IIS. Please do let me know if you find a way around this.

          rjkunde
          Compare the default web.config file with your web.config file and ensure you have the following section in it under the <system.webServer> section

              <rewrite>
        <rules>
            <rule name="HTTP api" stopProcessing="true">
                <match url="^(.*/)?api/(.*)$" ignoreCase="true"/>
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile"
                        ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory"
                        ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}api/http.php/{R:2}"/>
            </rule>
            <rule name="Site pages" stopProcessing="true">
                <match url="^(.*/)?pages/(.*)$" ignoreCase="true"/>
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile"
                        ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory"
                        ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}pages/index.php/{R:2}"/>
            </rule>
            <rule name="Staff applications" stopProcessing="true">
                <match url="^(.*/)?scp/apps/(.*)$" ignoreCase="true"/>
                <conditions>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile"
                        ignoreCase="false" negate="true" />
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory"
                        ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="{R:1}scp/apps/dispatcher.php/{R:2}"/>
            </rule>
        </rules>
    </rewrite>

          Hope that helps you.

              mbanyard That was it! Thanks! My web.config file wasn't present at all. I copied one from a working osticket instance that we have in prod. Not sure how this didn't make it into the dev install.

              Now on to a new error:
              cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/{TOKEN-REMOVED}/oauth2/v2.0/token

                  rjkunde

                  You are having certificate issues (maybe self-signed cert or something). You need to follow the link in the error and look for possible resolutions.

                  Cheers.

                    The server has a valid Let's Encrypt cert. Verified w/ multiple browsers. Unclear why this error is happening. The links are to the libcurl docs, which state: The remote server's SSL certificate or SSH fingerprint was deemed not OK.

                    If I find anything I'll post more info.

                    Looks potentially related to not sending intermediate certs. Not sure if I have to set certificate paths in PHP, I thought ACME/Let's Encrypt handled it. Still looking.

                    rjkunde

                    What versions do you have installed?

                    • osTicket
                    • oauth2 Plugin
                    • PHP

                    Are you running the phar version of the oauth2 plugin?

                    Also try rebooting the server or running IISRESET from an elevated PowerShell prompt

                      Rebooted server, no change: invalid_client
                      Versions:
                      osTicket (v1.17-rc4)
                      Oauth2 Client 0.3
                      PHP 8.1.10
                      Windows Server 2019 Standard
                      IIS 10.0.17763.1

                      Not sure on phar or not, I didn't actually install the plugin, someone else did. I can confirm though.

                      Ah, the plugin is now on v0.6
                      Please update it and test again.

                      So latest plugin version seems to be 0.5, and we're using the phar version. But using the new plugin throws a 500 and the modal window doesn't populate. To get 0.6, do I need to compile myself from the github repo?

                      Any ideas?

                        Swapping back to the old plugin doesn't resolve it. I'm going to replace all of the core files and start fresh.

                        rjkunde

                        At the moment yes; when stable is released the plugin on our website will be updated. You can actually download the raw folder/files from github, put the auth-oauth2 folder in the include/plugins/ directory, go to the database and go to the plugins table, change the install_path from plugins/auth-oauth2.phar to just plugins/auth-oauth2, update isphar from 1 to 0, and you should be good.

                        Cheers.

                            KevinTheJedi Is this the updated plugin?
                            https://github.com/osTicket/osTicket-plugins/blob/develop/auth-oauth/plugin.php
                            The version says .1. I tested again with OAuth2 plugin 0.3, I can click the edit configuration just fine. If I uninstall it, and install 0.5 from the website, I receive 500 errors and a blank modal (no php or IIS errors that I can see). I'll gladly try what you recommended but I don't see 0.6 listed anywhere.