KevinTheJedi
When I set up the plugin, it successful saves the settings, and it shows Azure successful login

When I go back to the plugin, it switches back to Authorization

      ramrajone

      Authentication is for User/Agent authentication against your OAuth2 provider. Authorization is email authentication. Also, you cannot update an instance for email authorization as when it loads the form on the email side it will overwrite with authorization data.

      Cheers.

        @KevinTheJedi
        When I run Integration assistant, everything shows fine

        I get it now:
        array ( 'code' => 'ErrorAccessDenied', 'message' => 'Access is denied. Check credentials and try again.', )

          KevinTheJedi
          Are you sure EmailAddresses is the correct attribute?
          Answer: I am not sure, but I was trying email, and mail, and added a custom attribute

          still no go

          Which Graph URLs and scopes, I should be using?
          I tried this:
          offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All https://graph.microsoft.com/POP.AccessAsUser.All https://graph.microsoft.com/SMTP.Send

          and got errors: array ( 'code' => 'InvalidAudienceForResource', 'message' => 'The audience claim value is invalid for current resource. Audience claim is \'https://graph.microsoft.com/\', request url is \'https://outlook.office365.com/api/v2.0/me\' and resource type is \'Exchange\'.', 'innerError' => array ( 'oAuthEventOperationId' => '5c2f112a-237b-1cf0-9fa3-18b854eacf28', 'oAuthEventcV' => 'mG0x7T+u84eyGvKdW3h6Ig.1.1', 'errorUrl' => 'https://aka.ms/autherrors#error-InvalidResource', 'requestId' => 'cs313d50-8f2f-d2f8-b12e-f11s5b239a17', 'date' => '2022-08-16T14:04:51', ), )

              ramrajone

              Because when you use Graph Scopes you also have to use the Graph Resource Details Endpoint https://graph.microsoft.com/v1.0/me.

              Cheers.

                  KevinTheJedi
                  Yes, I just changed it to Graph Resources and got a new error:
                  array ( 'code' => 'Authorization_RequestDenied', 'message' => 'Insufficient privileges to complete the operation.', 'innerError' => array ( 'date' => '2022-08-16T14:20:00', 'request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', 'client-request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', ), )

                      ramrajone

                      Did you add all the API permissions to the app? You need to make sure User.Read.All and such are enabled for the application.

                      Cheers.

                          ramrajone

                          You may also need to Admin Consent to those permissions and scopes as well to allow it.

                          Cheers.

                            KevinTheJedi
                            ok, I got a little far this time, with little success, but not functioning yet

                            When I add an email address: get Authenticate failed, which is normal, because I have to go into config

                            Then, it blanks out all the settings, like Hostname, Port Number, Protocol
                            I just have to re-enter it and save it.

                            After that, I get Authentication failed, when enabling Email Fetching

                                ramrajone

                                Yea we are working on stashing and recovering that data when you get directed away from that page. That change will be part of RC4.

                                Now you are where I am. I get AUTHENTICATE Failed with Graph scopes but cannot even get a token with outlook scopes. Their official docs say to use the outlook scopes but their other docs say not to use them as they are deprecated and you should use graph instead. So I contacted MS support and after 3 weeks still nowhere with this issue.

                                Are you using a personal outlook/exchange email by chance? Everyone else on the forum seems to have O365/Exchange/Outlook setup and working but us with personal accounts cannot proceed.

                                Cheers.

                                    KevinTheJedi
                                    Yes, I am using Exchange Online (Plan 1)
                                    I can test with my personal and see if I get success up to this point

                                    Where do you get an option on your Microsoft Personal account to generate a following?
                                    Client Id: *
                                    IdP Client / Application Identifier

                                    Client Secret: *
                                    IdP Client Secret

                                        ramrajone

                                        What do you mean? You have to create an app and then create the client secret in the app. This is what you did for the other test right?

                                        Cheers.

                                            KevinTheJedi
                                            For my other test, I am using Exchange online plan1 license, which I am able to do via Azure
                                            Created App:
                                            Enterprise applications | All applications
                                            Then I registered under: App registrations
                                            Then gave permission to API

                                            That's where I generated Client secrets and was able to add Redirect URIs, etc...

                                            I was trying to test with a personal account like outlook.com, but I am not sure where to go