Not able to "Create an authorization"

[wadaki]

Code of Conduct

• I agree to follow this project's Code of Conduct

Is there an existing issue for this?

• I have searched the existing issues

GLPI Version

10.0.16

Plugin version

1.4.3

Bug description

I entered "Client ID", "Tenant ID", "Client secret " for OAuth IMAP on Azure.
In the next step, I would "Create an authorization", I can login, but in the redirect page will be an error.

" Unable to save authorization code "

Relevant log output

tail -F files/_log/php-errors.log

[2024-11-14 08:34:05] glpiphplog.WARNING:   *** PHP User Warning (512): Error during authorization code fetching: Expired token in /var/www/html/marketplace/oauthimap/inc/authorization.class.php at line 423
  Backtrace :
  ...place/oauthimap/inc/authorization.class.php:423 trigger_error()
  ...e/oauthimap/front/authorization.callback.php:77 PluginOauthimapAuthorization->createFromCode()
  public/index.php:82                                require()

Page URL

localhost

Steps To reproduce

1. install oauthimap from marketplace
2. setup Oauth IMAP application
3. Create an authorization
4. error

Your GLPI setup information

システムのインストールと設定の情報

GLPI 10.0.16 ( => /var/www/html)
Installation mode: TARBALL
Current language:ja_JP

Server

 

Operating system: Linux tkysv0064 6.1.0-27-amd64 #​1 SMP PREEMPT_DYNAMIC Debian 6.1.115-1 (2024-11-01) x86_64

PHP 8.2.24 apache2handler (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apache2handler, apcu, bz2, calendar,

ctype, curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imagick, imap, intl, json, ldap, libxml,

mbstring, memcache, mysqli, mysqlnd, openssl, pcre, pdo_mysql, posix, pspell, random, readline, session, shmop, sockets, sodium,

standard, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)

Setup: max_execution_time="30" memory_limit="128M" post_max_size="8M" safe_mode="" session.save_handler="files"

upload_max_filesize="2M" disable_functions=""

Software: Apache/2.4.62 (Debian) (Apache/2.4.62 (Debian) Server at 172.17.200.64 Port 443

)

Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0

Server Software: Debian 12

Server Version: 10.11.6-MariaDB-0+deb12u1

Server SQL Mode: STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

Parameters: glpi@localhost/glpi

Host info: Localhost via UNIX socket

PHP version (8.2.24) is supported.

Sessions configuration is OK.

Allocated memory is sufficient.

mysqli extension is installed.

Following extensions are installed: dom, fileinfo, filter, libxml, json, simplexml, xmlreader, xmlwriter.

curl extension is installed.

gd extension is installed.

intl extension is installed.

zlib extension is installed.

The constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES is present.

Database engine version (10.11.6) is supported.

No files from previous GLPI version detected.

The log file has been created successfully.

Write access to /var/www/html/files/_cache has been validated.

Write access to /var/www/html/files/_cron has been validated.

Write access to /var/www/html/files has been validated.

Write access to /var/www/html/files/_dumps has been validated.

Write access to /var/www/html/files/_graphs has been validated.

Write access to /var/www/html/files/_lock has been validated.

Write access to /var/www/html/files/_pictures has been validated.

Write access to /var/www/html/files/_plugins has been validated.

Write access to /var/www/html/files/_rss has been validated.

Write access to /var/www/html/files/_sessions has been validated.

Write access to /var/www/html/files/_tmp has been validated.

Write access to /var/www/html/files/_uploads has been validated.
Web server root directory configuration seems safe.

Sessions configuration is secured.

OS and PHP are relying on 64 bits integers.

exif extension is installed.

ldap extension is installed.

openssl extension is installed.

Following extensions are installed: bz2, Phar, zip.

Zend OPcache extension is installed.

Following extensions are installed: ctype, iconv, mbstring, sodium.

Write access to /var/www/html/marketplace has been validated.

Timezones seems loaded in database.

GLPI constants

 

GLPI_ROOT: "/var/www/html"

GLPI_CONFIG_DIR: "/var/www/html/config"

GLPI_VAR_DIR: "/var/www/html/files"

GLPI_MARKETPLACE_DIR: "/var/www/html/marketplace"

GLPI_USE_CSRF_CHECK: "1"

GLPI_CSRF_EXPIRES: "7200"

GLPI_CSRF_MAX_TOKENS: "100"

GLPI_USE_IDOR_CHECK: "1"

GLPI_IDOR_EXPIRES: "7200"

GLPI_ALLOW_IFRAME_IN_RICH_TEXT: false

GLPI_SERVERSIDE_URL_ALLOWLIST: ["/^(https?|feed):\/\/[^@:]+(\/.*)?$/"]

GLPI_TELEMETRY_URI: "https://telemetry.glpi-project.org"

GLPI_INSTALL_MODE: "TARBALL"

GLPI_NETWORK_MAIL: "[email protected]"

GLPI_NETWORK_SERVICES: "https://services.glpi-network.com"

GLPI_MARKETPLACE_ALLOW_OVERRIDE: true

GLPI_MARKETPLACE_MANUAL_DOWNLOADS: true

GLPI_USER_AGENT_EXTRA_COMMENTS: ""

GLPI_DISABLE_ONLY_FULL_GROUP_BY_SQL_MODE: "1"

GLPI_AJAX_DASHBOARD: "1"

GLPI_CALDAV_IMPORT_STATE: 0

GLPI_DEMO_MODE: "0"

GLPI_CENTRAL_WARNINGS: "1"

GLPI_TEXT_MAXSIZE: "4000"

GLPI_DOC_DIR: "/var/www/html/files"

GLPI_CACHE_DIR: "/var/www/html/files/_cache"

GLPI_CRON_DIR: "/var/www/html/files/_cron"

GLPI_DUMP_DIR: "/var/www/html/files/_dumps"

GLPI_GRAPH_DIR: "/var/www/html/files/_graphs"

GLPI_LOCAL_I18N_DIR: "/var/www/html/files/_locales"

GLPI_LOCK_DIR: "/var/www/html/files/_lock"

GLPI_LOG_DIR: "/var/www/html/files/_log"

GLPI_PICTURE_DIR: "/var/www/html/files/_pictures"

GLPI_PLUGIN_DOC_DIR: "/var/www/html/files/_plugins"

GLPI_RSS_DIR: "/var/www/html/files/_rss"

GLPI_SESSION_DIR: "/var/www/html/files/_sessions"

GLPI_TMP_DIR: "/var/www/html/files/_tmp"

GLPI_UPLOAD_DIR: "/var/www/html/files/_uploads"

GLPI_INVENTORY_DIR: "/var/www/html/files/_inventories"

GLPI_NETWORK_REGISTRATION_API_URL: "https://services.glpi-network.com/api/registration/"

GLPI_MARKETPLACE_PLUGINS_API_URI: "https://services.glpi-network.com/api/marketplace/"

GLPI_I18N_DIR: "/var/www/html/locales"

GLPI_VERSION: "10.0.16"

GLPI_SCHEMA_VERSION: "10.0.16"

GLPI_MARKETPLACE_PRERELEASES: false

GLPI_MIN_PHP: "7.4.0"

GLPI_MAX_PHP: "8.4.0"

GLPI_YEAR: "2024"

Libraries

 

htmlawed/htmlawed version 1.2.14 in (/var/www/html/vendor/htmlawed/htmlawed)

phpmailer/phpmailer version 6.8.0 in (/var/www/html/vendor/phpmailer/phpmailer/src)

simplepie/simplepie version 1.5.8 in (/var/www/html/vendor/simplepie/simplepie/library)

tecnickcom/tcpdf version 6.7.5 in (/var/www/html/vendor/tecnickcom/tcpdf)

michelf/php-markdown in (/var/www/html/vendor/michelf/php-markdown/Michelf)

true/punycode in (/var/www/html/vendor/true/punycode/src)

iamcal/lib_autolink in (/var/www/html/vendor/iamcal/lib_autolink)

sabre/dav in (/var/www/html/vendor/sabre/dav/lib/DAV)

sabre/http in (/var/www/html/vendor/sabre/http/lib)

sabre/uri in (/var/www/html/vendor/sabre/uri/lib)

sabre/vobject in (/var/www/html/vendor/sabre/vobject/lib)

laminas/laminas-i18n in (/var/www/html/vendor/laminas/laminas-i18n/src)

laminas/laminas-servicemanager in (/var/www/html/vendor/laminas/laminas-servicemanager/src)

monolog/monolog in (/var/www/html/vendor/monolog/monolog/src/Monolog)

sebastian/diff in (/var/www/html/vendor/sebastian/diff/src)

donatj/phpuseragentparser in (/var/www/html/vendor/donatj/phpuseragentparser/src/UserAgent)

elvanto/litemoji in (/var/www/html/vendor/elvanto/litemoji/src)

symfony/console in (/var/www/html/vendor/symfony/console)

scssphp/scssphp in (/var/www/html/vendor/scssphp/scssphp/src)

laminas/laminas-mail in (/var/www/html/vendor/laminas/laminas-mail/src/Protocol)

laminas/laminas-mime in (/var/www/html/vendor/laminas/laminas-mime/src)

rlanvin/php-rrule in (/var/www/html/vendor/rlanvin/php-rrule/src)

ramsey/uuid in (/var/www/html/vendor/ramsey/uuid/src)

psr/log in (/var/www/html/vendor/psr/log/Psr/Log)

psr/simple-cache in (/var/www/html/vendor/psr/simple-cache/src)

psr/cache in (/var/www/html/vendor/psr/cache/src)

league/csv in (/var/www/html/vendor/league/csv/src)

mexitek/phpcolors in (/var/www/html/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)

guzzlehttp/guzzle in (/var/www/html/vendor/guzzlehttp/guzzle/src)

guzzlehttp/psr7 in (/var/www/html/vendor/guzzlehttp/psr7/src)

glpi-project/inventory_format in (/var/www/html/vendor/glpi-project/inventory_format/lib/php)

wapmorgan/unified-archive in (/var/www/html/vendor/wapmorgan/unified-archive/src)

paragonie/sodium_compat in (/var/www/html/vendor/paragonie/sodium_compat/src)

symfony/cache in (/var/www/html/vendor/symfony/cache)

html2text/html2text in (/var/www/html/vendor/html2text/html2text/src)

symfony/css-selector in (/var/www/html/vendor/symfony/css-selector)

symfony/dom-crawler in (/var/www/html/vendor/symfony/dom-crawler)

twig/twig in (/var/www/html/vendor/twig/twig/src)

twig/string-extra in (/var/www/html/vendor/twig/string-extra)

symfony/polyfill-ctype not found

symfony/polyfill-iconv not found

symfony/polyfill-mbstring not found

symfony/polyfill-php80 not found

symfony/polyfill-php81 not found

symfony/polyfill-php82 in (/var/www/html/vendor/symfony/polyfill-php82)

league/oauth2-client in (/var/www/html/vendor/league/oauth2-client/src/Provider)

league/oauth2-google in (/var/www/html/vendor/league/oauth2-google/src/Provider)

thenetworg/oauth2-azure in (/var/www/html/vendor/thenetworg/oauth2-azure/src/Provider)

phpCas version 1.6.0 in (/usr/share/php/CAS/source)

LDAP directories

 

Server: '172.17.202.100', Port: '389', BaseDN: 'dc=senju,dc=com,dc=local', Connection filter:

'(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN:

'cn=S0115,ou=User,ou=Users,ou=SENJU,dc=senju,dc=com,dc=local', Use TLS: none

SQL replicas

 

Not active

Notifications

 

Way of sending emails: SMTP+TLS (s0115@[email protected])

Plugins list

 

news                 Name: Alarme                         Version: 1.12.3     State: Installed / not activated

Install Method: Marketplace

order                Name: Bestellverwaltung              Version: 2.10.6     State: Installed / not activated

Install Method: Marketplace

domains              Name: Domains                        Version: 2.2.1      State: Installed / not activated

Install Method: Manual

formcreator          Name: Form Creator                   Version: 2.13.9     State: Installed / not activated

Install Method: Marketplace

fusioninventory      Name: FusionInventory                Version: 9.5+4.1    State: Installed / not activated

Install Method: Manual

addressing           Name: IP Adressierung                Version: 3.0.2      State: Enabled

Install Method: Marketplace

ldapcomputers        Name: LDAP computers                 Version: 0.4.1      State: Installed / not activated

Install Method: Manual

mreporting           Name: More Reporting                 Version: 1.8.6      State: Enabled

Install Method: Marketplace

oauthimap            Name: Oauth IMAP                     Version: 1.4.3      State: Enabled

Install Method: Marketplace

genericobject        Name: Objects management             Version: 2.14.9     State: Enabled

Install Method: Marketplace

datainjection        Name: インジェクション                 Version: 2.13.5     State: Enabled

Install Method: Marketplace

tag                  Name: タグ管理                           Version: 2.11.7     State: Installed / not activated

Install Method: Marketplace

Anything else?

No response

[teqoit]

i am also having same issue.

[2024-11-14 10:30:38] glpiphplog.WARNING: *** PHP User Warning (512): Unable to get user email in /var/www/html/glpi/plugins/oauthimap/inc/authorization.class.php at line 434
Backtrace :
plugins/oauthimap/inc/authorization.class.php:434 trigger_error()
...s/oauthimap/front/authorization.callback.php:77 PluginOauthimapAuthorization->createFromCode()

[2024-11-14 10:51:12] glpiphplog.WARNING: *** PHP User Warning (512): Unable to get user email in /var/www/html/glpi/plugins/oauthimap/inc/authorization.class.php at line 434
Backtrace :
plugins/oauthimap/inc/authorization.class.php:434 trigger_error()
...s/oauthimap/front/authorization.callback.php:77 PluginOauthimapAuthorization->createFromCode()

[stonebuzz]

To address the error related to the expired token, I suggest revoking the current authorization on Azure and initiating a new authorization request through the plugin. Please follow the steps below:

Revoking Authorization on Azure

1. Log in to the Azure portal as an administrator.
2. Navigate to Azure Active Directory > App Registrations.
3. Locate the application used by the plugin.
4. Remove the granted authorization by selecting Revoke admin consent.

Initiating a New Authorization Request via the Plugin

1. Start the OAuth authorization process to generate a new token.
2. Follow the steps to grant the necessary permissions.

Best regards

[TempestSys]

To address the error related to the expired token, I suggest revoking the current authorization on Azure and initiating a new authorization request through the plugin. Please follow the steps below:

Revoking Authorization on Azure

1. Log in to the **Azure portal** as an administrator.

2. Navigate to **Azure Active Directory > App Registrations**.

3. Locate the application used by the plugin.

4. Remove the granted authorization by selecting **Revoke admin consent**.

Initiating a New Authorization Request via the Plugin

1. Start the **OAuth authorization process** to generate a new token.

2. Follow the steps to grant the necessary permissions.

Best regards

I followed the steps and experimenting the same issue where i can't get the email

[wadaki]

There should be a better instruction into the plugin how to setup in the right way. Otherwise it's impossible to use.

[stonebuzz]

On your Tenant, in “APIs used by my organization”, search for “Office 365 Exchange” and select “Office 365 exchange online” then “delegated authorization”.
In the menu below, select “mail” and activate the authorizations below, then click on “add authorization”.

• Mail.Read
• Mail.Read.All
• Mail.Read.Shared
• Mail.ReadBasic
• Mail.ReadWrite