Learn about Centmin Mod LEMP Stack today
Register Now

Anyone using osTicket with Microsoft 365 auth2

Discussion in 'Other Web Apps usage' started by Mastergumble, Jan 20, 2023.

  1. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    10:50 AM
    1.11.x
    10.x
    Im using osTicket for years but now with the auth changes on the Microsoft 365 I can't put the mail fetching again.

    Anyone is using this, I changed so many things already and still no luck, already did a lot of tests with diferent rewrites from other ideas but I still can't validate the auth2 to Azure.

     
  2. eva2000

    eva2000 Administrator Staff Member

    52,767
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    7:50 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Don't use any of the mentioned services/products so can't help. What auth changes happened on Microsoft 365?
     
  3. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    10:50 AM
    1.11.x
    10.x
    Hi,

    Now we need to create an app to validate the permission throught Azure to fetching the emails from the 365 account. I was again checking the steps from Microsoft and I think the app registration is correct but when I try to validate the auth it gives me URL not supported when it should open the
    domain.name/api/auth/oauth2?code=0.ATsAFXbRH...

    The only changes to the default conf at this point

    Code:
    if ($request_uri ~ "^/api(/[^\?]+)") {
        set $path_info $1;
    }
    
    location ~ ^/api/(?:tickets|tasks|auth).*$ {
        try_files $uri $uri/ /api/http.php?$query_string;
    }
     
  4. eva2000

    eva2000 Administrator Staff Member

    52,767
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    7:50 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. eva2000

    eva2000 Administrator Staff Member

    52,767
    12,078
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,605
    Local Time:
    7:50 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no idea if config at https://forum.osticket.com/d/85324-nginx-setup-config/7 is correct but if it is, then the issue is how Centmin Mod PHP-FPM defines path_info by default. You'd need to make a copy of /usr/local/nginx/conf/php.conf like /usr/local/nginx/conf/php_osticket.conf
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_osticket.conf
    

    Then edit /usr/local/nginx/conf/php_osticket.conf by changing first line from
    Code (Text):
    location ~ [^/]\.php(/|$) {
    

    to
    Code (Text):
    location ~ \.php$ {
    

    Then edit /usr/local/nginx/conf/php_osticket.conf comment out with hash # in front
    Code (Text):
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
    

    Then edit /usr/local/nginx/conf/php_osticket.conf, change from
    Code (Text):
    fastcgi_param  PATH_INFO          $fastcgi_path_info;

    to
    Code (Text):
    fastcgi_param  PATH_INFO    $path_info;

    Then edit nginx vhost /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf and replace php.conf include file /usr/local/nginx/conf/php.conf with /usr/local/nginx/conf/php_osticket.conf
    Then restart nginx and php-fpm services
    Code (Text):
    nprestart
    


    The difference is Centmin Mod default php.conf for a request is made for /api/auth/oauth2?code=0.ATsAFXbRH, the script name would be /api/auth/oauth2.php and the value of $path_info would be ?code=0.ATsAFXbRH which maybe not what osTicket is looking for as the line:
    Code (Text):
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    splits the request URI into two parts: the script name and the path info. The first part, the script name, is captured by the first capturing group (.+?\.php), and the second part, the path info, is captured by the second capturing group (/.*).

    The changes I suggest in theory would be so that the value of $path_info would be the part of the request URI after /api, which is /auth/oauth2 in this case

    The rest would be for you to figure out :)
     
  6. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    10:50 AM
    1.11.x
    10.x
    Tkx George

    I will check later and update to help others (crossfingers)