- Edited
Because when you use Graph Scopes you also have to use the Graph Resource Details Endpoint https://graph.microsoft.com/v1.0/me.
Cheers.
OAuth2 - Microsoft setup
KevinTheJedi
Yes, I just changed it to Graph Resources and got a new error:
array ( 'code' => 'Authorization_RequestDenied', 'message' => 'Insufficient privileges to complete the operation.', 'innerError' => array ( 'date' => '2022-08-16T14:20:00', 'request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', 'client-request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', ), )
Did you add all the API permissions to the app? You need to make sure User.Read.All and such are enabled for the application.
Cheers.
You may also need to Admin Consent to those permissions and scopes as well to allow it.
Cheers.
KevinTheJedi
Yes, I have, here is what I have, unless I am missing something
ramrajone User.Read.All
- Edited
KevinTheJedi
ok, I got a little far this time, with little success, but not functioning yet
When I add an email address: get Authenticate failed, which is normal, because I have to go into config
Then, it blanks out all the settings, like Hostname, Port Number, Protocol
I just have to re-enter it and save it.
After that, I get Authentication failed, when enabling Email Fetching
- Edited
Yea we are working on stashing and recovering that data when you get directed away from that page. That change will be part of RC4.
Now you are where I am. I get AUTHENTICATE Failed with Graph scopes but cannot even get a token with outlook scopes. Their official docs say to use the outlook scopes but their other docs say not to use them as they are deprecated and you should use graph instead. So I contacted MS support and after 3 weeks still nowhere with this issue.
Are you using a personal outlook/exchange email by chance? Everyone else on the forum seems to have O365/Exchange/Outlook setup and working but us with personal accounts cannot proceed.
Cheers.
- Edited
KevinTheJedi
Yes, I am using Exchange Online (Plan 1)
I can test with my personal and see if I get success up to this point
Where do you get an option on your Microsoft Personal account to generate a following?
Client Id: *
IdP Client / Application Identifier
Client Secret: *
IdP Client Secret
What do you mean? You have to create an app and then create the client secret in the app. This is what you did for the other test right?
Cheers.
KevinTheJedi
For my other test, I am using Exchange online plan1 license, which I am able to do via Azure
Created App:
Enterprise applications | All applications
Then I registered under: App registrations
Then gave permission to API
That's where I generated Client secrets and was able to add Redirect URIs, etc...
I was trying to test with a personal account like outlook.com, but I am not sure where to go
KevinTheJedi
hmm, so I was able to set up on personal account app and created the secrets, but as far as permission, User.Read.All is grayed out
KevinTheJedi
I am working with MS365 support, they are asking which version of TLS are you using.
ramrajone Try un-ticking user.read and see if it will then allow you to select user.read.all. It might be one of those that only one can be selected. Just a shot in the dark.
Daedalus01
tried that, but no go
Version of TLS depends on what you have installed locally. You can check your openssl settings to confirm which version you are using (should be 1.2 which is the latest - but I cannot see your system).
Cheers.
KevinTheJedi
Well no go with MS365
MS side saying SMTP and IMAP working fine because I can send out email via PowerShell using SMTP protocol and setup Outlook using IMAP setting.
Double checked the API permission
This is what I have on the Ubuntu server 22.04:
grep -ir SSLProtocol /etc/apache2/*
/etc/apache2/mods-available/ssl.conf: SSLProtocol all -SSLv3
We are at the point, where it fails to fetch and send SMTP
I even added TXT record, but still no go
Same issue I have with my personal outlook account. Other peeps on the forum have everything setup and working with MS emails so you might want to review those threads and see how they got theirs working.
Just to note, I am 100% anti-windows. The only reason I use MS products at all is to test things like this. Their support is far from good and not helpful at all. Their documentation is horrendous and out of date all the time. So I tend to steer clear of windows if at all possible. I really don't know what's going on without talking to MS support but they haven't provided any sort of help in 2+ weeks so I'm at a loss here. We are going to create an official MS account so hopefully we'll be in a better position to test things like this in the future.
With all that said I know that MS + Modern Auth works with RC3 and the OAuth2 plugin (as other community members have confirmed) but I don't know where to tell you to look as I just don't know anything about MS products (and their docs aren't helpful).
Cheers.