There’s been a breaking change by Microsoft for OAuth.
Microsoft OAuth Redirect URL has new rules, coming after OAuth was added in Suite.
The Redirect URL may not contain a query string!
Also, public (domain) URLs must be secure (https). Insecure (http) is not accepted!
So in the Suite 8 OAuth documentation example Redirect URL: http://suite.mysite.tld/legacy/index.php?entryPoint=setExternalOAuthToken
…is now rejected in Microsoft Azure OAuth settings.
Same documentation for Suite 7, without the legacy part of the Redirect URL.
A fix is needed to get Microsoft OAuth working again.
rsp
30 January 2024 20:58
Did you open new PR/issue on the GitHub?
Yes, the issue is open now:
opened 09:38PM - 30 Jan 24 UTC
#### Issue
**Microsoft OAuth Redirect URL** has new rules, since OAuth Login to Email was added in Suite.
The OAuth Redirect URL may not contain a query string!
Also, public (domain) URLs must be secure (https). Insecure (http) is not accepted!
In the Suite 7 + Suite 8 OAuth Email documentation steps, the Redirect URL: `http://suite.mysite.tld/legacy/index.php?entryPoint=setExternalOAuthToken`
…is now rejected as a Microsoft Azure OAuth Redirect URL!
A fix is needed, for all users, to get the Microsoft OAuth Redirect URL working again, and TLS certificates since `https` is now mandatory.
#### Expected Behavior
Users should be able to enter an acceptable Redirect URL to Azure, **a URL that doesn't contain a Query String**.
Users should be able to enter `https://suite.mysite.tld/legacy/entryPoint/setExternalOAuthToken` and have the Suite `.htaccess` rewrite it to: `https://suite.mysite.tld/legacy/index.php?entryPoint=setExternalOAuthToken`
#### Actual Behavior
Azure refuses saving Suite's OAuth Redirect URL:
![Azure OAuth Redirect URL may not contain a query string](https://github.com/salesagility/SuiteCRM/assets/259416/cfbca314-5abe-47e7-9686-8a2cb3d5027b)
#### Possible Fix
`RewriteRule` in the Apache `.htaccess`.
Suite should detect when it's running on publicly accessible domain: auto configure a free TLS certificate & enable `HTTPS`.
Or **just run Suite on a server with a Virtualmin control panel, it will automatically install a free TLS certificate, `https` will be active, and OAuth login from a Suite server on a domain will work.**
#### Steps to Reproduce
1. Login to Microsoft Azure.
2. Follow the Suite documentation on how to setup an "app" for Microsoft OAuth for email.
3. Enable for personal email accounts also. May not make any difference.
4. When you go to paste in the Redirect URL from the docs, you'll see an error box. It refuses to save the Redirect URL.
#### Context
1. Fails to connect to email on Microsoft email accounts!
2. Unable to test new email features such as RFC8055 One Click Unsubscribe, on Microsoft email accounts!
#### Your Environment
* SuiteCRM Version used: 7.14.2, 8.5.0
* Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Firefox
* Environment name and version (e.g. MySQL, PHP 7): PHP 8.1 and 8.2
* Operating System and version (e.g Ubuntu 16.04): Debian 12
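The `.htaccess` rewrite proposed under "Expected Behavior" and "Possible Fix", written out as an added example; this is not code from SuiteCRM or from the issue, and it assumes mod_rewrite is enabled and that the file sits in the web root that serves the `/legacy/` path (for Suite 7, drop the `legacy/` prefix from both sides of the rule). The path and entry point names are the ones quoted in the issue; the rule itself and the optional HTTPS redirect are assumptions.

```apache
# Added example, not SuiteCRM's own .htaccess. Place in the web root that
# serves /legacy/ (assumption); requires mod_rewrite.
RewriteEngine On

# Optional: Azure now rejects http:// redirect URLs for public domains, so
# send plain-http requests to the https:// equivalent. A valid TLS
# certificate must already be installed for this to help.
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Map the query-free path Azure accepts onto the entry point Suite serves.
# The pattern is anchored to this one entry point only, so the rewrite
# cannot be used to reach arbitrary entryPoint values.
# QSA is required: Microsoft appends ?code=...&state=... to the redirect URL,
# and because the substitution carries its own query string Apache would
# otherwise discard the incoming one, losing the authorization code.
RewriteRule ^legacy/entryPoint/setExternalOAuthToken/?$ legacy/index.php?entryPoint=setExternalOAuthToken [QSA,L]
```

After adding the rule, register `https://suite.mysite.tld/legacy/entryPoint/setExternalOAuthToken` in Azure and confirm with a browser or `curl -I` that the path returns Suite's response rather than a 404 before retrying the OAuth login; the `[L]` flag stops further rules from touching the rewritten request.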
I only recently (last week) configured OAuth with MS Office365, and had no problems with the redirect URL.
Interesting. Is it a localhost URL, or a publicly accessible domain? http or https? Organization or non-organization personal email accounts?
Is your Azure app configured to allow only Organization email accounts? Or allow Personal email accounts (non-organization)?
rsp
31 January 2024 16:04
You could provide your steps and some screenshots, so we could understand it better.
I don’t know to be honest. It was our MS admin that configured it on the Microsoft side, I only did it on the SuiteCRM side. But I would guess only organisation emails.