KevinTheJedi
Are you sure EmailAddresses is the correct attribute?
Answer: I am not sure, but I was trying email, and mail, and added a custom attribute

still no go

Which Graph URLs and scopes should I be using?
I tried this:
offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All https://graph.microsoft.com/POP.AccessAsUser.All https://graph.microsoft.com/SMTP.Send

and got errors: array ( 'code' => 'InvalidAudienceForResource', 'message' => 'The audience claim value is invalid for current resource. Audience claim is \'https://graph.microsoft.com/\', request url is \'https://outlook.office365.com/api/v2.0/me\' and resource type is \'Exchange\'.', 'innerError' => array ( 'oAuthEventOperationId' => '5c2f112a-237b-1cf0-9fa3-18b854eacf28', 'oAuthEventcV' => 'mG0x7T+u84eyGvKdW3h6Ig.1.1', 'errorUrl' => 'https://aka.ms/autherrors#error-InvalidResource', 'requestId' => 'cs313d50-8f2f-d2f8-b12e-f11s5b239a17', 'date' => '2022-08-16T14:04:51', ), )

    ramrajone

    Because when you use Graph Scopes you also have to use the Graph Resource Details Endpoint https://graph.microsoft.com/v1.0/me.

    Cheers.
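The mismatch behind `InvalidAudienceForResource`, as an added example that is not part of the original thread: it decodes a token's `aud` and `scp` claims (without verifying the signature, for diagnostics only) and compares the audience host with the resource details endpoint. The sample token is constructed and unsigned, the function names are hypothetical, and only URL-form audiences like the one in the error above are handled.

```python
import base64
import json
from urllib.parse import urlsplit


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT-shaped string for offline testing."""
    def b64(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "sig"])


def jwt_claims(token: str) -> dict:
    """Decode the payload segment only. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def host_of(value: str) -> str:
    """Lower-cased hostname of a URL, or '' if the value is not a URL."""
    return (urlsplit(value).hostname or "").lower()


def audience_matches(token: str, resource_url: str) -> bool:
    """True when some 'aud' value names the same host as resource_url."""
    aud = jwt_claims(token).get("aud", "")
    audiences = aud if isinstance(aud, list) else [aud]
    target = host_of(resource_url)
    return bool(target) and any(host_of(str(a)) == target for a in audiences)


def diagnose(token: str, resource_url: str) -> dict:
    """Summarise what matters for the audience and permission errors."""
    claims = jwt_claims(token)
    return {
        "aud": claims.get("aud"),
        "scopes": str(claims.get("scp", "")).split(),  # delegated scopes
        "audience_ok": audience_matches(token, resource_url),
    }


if __name__ == "__main__":
    # Constructed claims mirroring the scopes requested earlier in the thread.
    sample = make_sample_token({"aud": "https://graph.microsoft.com/",
                                "scp": "IMAP.AccessAsUser.All SMTP.Send"})
    print(diagnose(sample, "https://outlook.office365.com/api/v2.0/me"))
    print(diagnose(sample, "https://graph.microsoft.com/v1.0/me"))
```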

      KevinTheJedi
      Yes, I just changed it to Graph Resources and got a new error:
      array ( 'code' => 'Authorization_RequestDenied', 'message' => 'Insufficient privileges to complete the operation.', 'innerError' => array ( 'date' => '2022-08-16T14:20:00', 'request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', 'client-request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', ), )

        ramrajone

        Did you add all the API permissions to the app? You need to make sure User.Read.All and such are enabled for the application.

        Cheers.

          ramrajone

          You may also need to Admin Consent to those permissions and scopes as well to allow it.

          Cheers.

          KevinTheJedi
          OK, I got a little further this time, with little success, but it is not functioning yet.

          When I add an email address, I get Authenticate failed, which is normal, because I have to go into config

          Then, it blanks out all the settings, like Hostname, Port Number, Protocol
          I just have to re-enter it and save it.

          After that, I get Authentication failed, when enabling Email Fetching

            ramrajone

            Yeah, we are working on stashing and recovering that data when you get directed away from that page. That change will be part of RC4.

            Now you are where I am. I get AUTHENTICATE Failed with Graph scopes but cannot even get a token with outlook scopes. Their official docs say to use the outlook scopes but their other docs say not to use them as they are deprecated and you should use graph instead. So I contacted MS support and after 3 weeks still nowhere with this issue.

            Are you using a personal outlook/exchange email by chance? Everyone else on the forum seems to have O365/Exchange/Outlook setup and working but us with personal accounts cannot proceed.

            Cheers.

              KevinTheJedi
              Yes, I am using Exchange Online (Plan 1)
              I can test with my personal and see if I get success up to this point

              Where do you get an option on your Microsoft Personal account to generate the following?
              Client Id: *
              IdP Client / Application Identifier

              Client Secret: *
              IdP Client Secret

                ramrajone

                What do you mean? You have to create an app and then create the client secret in the app. This is what you did for the other test right?

                Cheers.

                  KevinTheJedi
                  For my other test, I am using Exchange online plan1 license, which I am able to do via Azure
                  Created App:
                  Enterprise applications | All applications
                  Then I registered under: App registrations
                  Then gave permission to API

                  That's where I generated Client secrets and was able to add Redirect URIs, etc...

                  I was trying to test with a personal account like outlook.com, but I am not sure where to go

                    KevinTheJedi
                    I am working with MS365 support; they are asking which version of TLS you are using.

                    ramrajone Try un-ticking user.read and see if it will then allow you to select user.read.all. It might be one of those that only one can be selected. Just a shot in the dark.

                      ramrajone

                      Version of TLS depends on what you have installed locally. You can check your openssl settings to confirm which version you are using (should be 1.2 which is the latest - but I cannot see your system).

                      Cheers.

                        KevinTheJedi
                        Well no go with MS365
                        MS side is saying SMTP and IMAP are working fine because I can send out email via PowerShell using the SMTP protocol and set up Outlook using the IMAP settings.

                        Double checked the API permission

                        This is what I have on the Ubuntu server 22.04:
                        grep -ir SSLProtocol /etc/apache2/*
                        /etc/apache2/mods-available/ssl.conf: SSLProtocol all -SSLv3

                        We are at the point where it fails to fetch and send SMTP

                        I even added a TXT record, but still no go