Microsoft Azure OAuth Redirect URI doesn't allow the query string. #10345
Labels
Area: Emails:Config
Issues & PRs related to email configuration
Area: Emails
Issues & PRs related to all things regarding emails & email module
Priority:Important
Issues & PRs that are important; broken functions, errors - there are workarounds
Severity: Major
Significant impact/severe disruption
Type: Bug
Bugs within the core SuiteCRM codebase
Issue
Microsoft OAuth Redirect URL has new rules, since OAuth Login to Email was added in Suite.
The OAuth Redirect URL may not contain a query string!
Also, public (domain) URLs must be secure (https). Insecure (http) is not accepted!
In the Suite 7 + Suite 8 OAuth Email documentation steps, the Redirect URL:
http://suite.mysite.tld/legacy/index.php?entryPoint=setExternalOAuthToken
…is now rejected as a Microsoft Azure OAuth Redirect URL!
A fix is needed, for all users, to get the Microsoft OAuth Redirect URL working again, and TLS certificates since https is now mandatory.
Expected Behavior
Users should be able to enter an acceptable Redirect URL to Azure, a URL that doesn't contain a Query String.
Users should be able to enter
https://suite.mysite.tld/legacy/entryPoint/setExternalOAuthToken
and have the Suite .htaccess rewrite it to:
https://suite.mysite.tld/legacy/index.php?entryPoint=setExternalOAuthToken
Actual Behavior
Azure refuses saving Suite's OAuth Redirect URL:
Possible Fix
RewriteRule in the Apache .htaccess.
Suite should detect when it's running on a publicly accessible domain: auto configure a free TLS certificate & enable HTTPS.
Or just run Suite on a server with a Virtualmin control panel, it will automatically install a free TLS certificate, https will be active, and OAuth login from a Suite server on a domain will satisfy the Microsoft requirement for https. Of course, rewriting the Redirect URL in .htaccess would also be required, for OAuth email login to work.
Steps to Reproduce
Context
Your Environment
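One way to write the RewriteRule proposed under Possible Fix, as an added example that is not part of the issue and not SuiteCRM's shipped .htaccess. It assumes the file is the .htaccess of the directory served as /legacy/, that mod_rewrite is enabled, and that AllowOverride permits rewrite directives there.

```apache
# Added example, not SuiteCRM's own configuration.
# Assumption: this is the .htaccess of the directory served as /legacy/,
# so the pattern below is matched relative to that directory.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Map the query-free callback path registered in Azure:
    #   /legacy/entryPoint/setExternalOAuthToken
    # onto the legacy entry point:
    #   /legacy/index.php?entryPoint=setExternalOAuthToken
    #
    # Only this one entry point name is matched, so the path form does
    # not become a second route to every other entry point.
    #
    # QSA appends the query string of the incoming request to the
    # rewritten one. Without it, mod_rewrite replaces the incoming query
    # string with "entryPoint=..." and the parameters the identity
    # provider adds to the callback (such as code and state) are lost.
    #
    # L stops further rule processing for this request. The rewritten
    # target (index.php) does not match the pattern, so there is no loop.
    RewriteRule ^entryPoint/setExternalOAuthToken/?$ index.php?entryPoint=setExternalOAuthToken [QSA,L]
</IfModule>
```

Place the rule ahead of any existing catch-all rewrite rules in the same file so it is evaluated first.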