Welcome to Centmin Mod Community
Become a Member

Anyone using osTicket with Microsoft 365 auth2

Discussion in 'Other Web Apps usage' started by Mastergumble, Jan 20, 2023.

  1. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    2:07 PM
    1.11.x
    10.x
    Im using osTicket for years but now with the auth changes on the Microsoft 365 I can't put the mail fetching again.

    Anyone is using this, I changed so many things already and still no luck, already did a lot of tests with diferent rewrites from other ideas but I still can't validate the auth2 to Azure.

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,548
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    12:07 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Don't use any of the mentioned services/products so can't help. What auth changes happened on Microsoft 365?
     
  3. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    2:07 PM
    1.11.x
    10.x
    Hi,

    Now we need to create an app to validate the permission throught Azure to fetching the emails from the 365 account. I was again checking the steps from Microsoft and I think the app registration is correct but when I try to validate the auth it gives me URL not supported when it should open the
    domain.name/api/auth/oauth2?code=0.ATsAFXbRH...

    The only changes to the default conf at this point

    Code:
    if ($request_uri ~ "^/api(/[^\?]+)") {
        set $path_info $1;
    }
    
    location ~ ^/api/(?:tickets|tasks|auth).*$ {
        try_files $uri $uri/ /api/http.php?$query_string;
    }
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,548
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    12:07 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. eva2000

    eva2000 Administrator Staff Member

    54,548
    12,221
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,790
    Local Time:
    12:07 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    no idea if config at https://forum.osticket.com/d/85324-nginx-setup-config/7 is correct but if it is, then the issue is how Centmin Mod PHP-FPM defines path_info by default. You'd need to make a copy of /usr/local/nginx/conf/php.conf like /usr/local/nginx/conf/php_osticket.conf
    Code (Text):
    cp -a /usr/local/nginx/conf/php.conf /usr/local/nginx/conf/php_osticket.conf
    

    Then edit /usr/local/nginx/conf/php_osticket.conf by changing first line from
    Code (Text):
    location ~ [^/]\.php(/|$) {
    

    to
    Code (Text):
    location ~ \.php$ {
    

    Then edit /usr/local/nginx/conf/php_osticket.conf comment out with hash # in front
    Code (Text):
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
    

    Then edit /usr/local/nginx/conf/php_osticket.conf, change from
    Code (Text):
    fastcgi_param  PATH_INFO          $fastcgi_path_info;

    to
    Code (Text):
    fastcgi_param  PATH_INFO    $path_info;

    Then edit nginx vhost /usr/local/nginx/conf/conf.d/yourdomain.com.ssl.conf and replace php.conf include file /usr/local/nginx/conf/php.conf with /usr/local/nginx/conf/php_osticket.conf
    Then restart nginx and php-fpm services
    Code (Text):
    nprestart
    


    The difference is Centmin Mod default php.conf for a request is made for /api/auth/oauth2?code=0.ATsAFXbRH, the script name would be /api/auth/oauth2.php and the value of $path_info would be ?code=0.ATsAFXbRH which maybe not what osTicket is looking for as the line:
    Code (Text):
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;

    splits the request URI into two parts: the script name and the path info. The first part, the script name, is captured by the first capturing group (.+?\.php), and the second part, the path info, is captured by the second capturing group (/.*).

    The changes I suggest in theory would be so that the value of $path_info would be the part of the request URI after /api, which is /auth/oauth2 in this case

    The rest would be for you to figure out :)
     
  6. Mastergumble

    Mastergumble Member

    44
    8
    8
    Sep 29, 2016
    Ratings:
    +17
    Local Time:
    2:07 PM
    1.11.x
    10.x
    Tkx George

    I will check later and update to help others (crossfingers)