Fix #10345 Microsoft Azure OAuth Redirect URL doesn't allow the query string. #10346
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Setting up MS Azure OAuth for email accounts was failing because Suite docs say use a Redirect URL containing a query string, and Azure forbids Redirect URLs with query strings.
My fix involves adding a line to the
.htaccess
to rewrite the incoming Redirect URL compatible with Microsoft Azure OAuth, to the query-string type of Redirect URL expected by Suite.Motivation and Context
Microsoft Azure OAuth does not allow Redirect URL to have query strings, which is the exact type of URL Suite uses.
How To Test This
Try creating an application in Azure according to the documentation.
At one point, it will have you paste the Suite Redirect URL into Microsoft Azure application.
Paste the URL with query strings from the docs.
Azure will refuse to save it because query strings are not allowed.
Try again with the URL like this instead:
https://suite.mysite.tld/entryPoint/setExternalOAuthToken
Azure will save this Redirect URL.
And Suite will accept the Redirect URL during the OAuth email account login, because Suite will internally rewrite the incoming Redirect URL from Azure, to the expected URL
https://suite.mysite.tld/index.php?entryPoint=setExternalOAuthToken
, Suite will receive the token back from Azure OAuth, making OAuth login to the MS Azure email account work.Types of changes
Final checklist