I use UserPrincipalName because EmailAddress is invalid in my situation; UserPrincipalName also has the email address in our AD.
I am one of the global admins; however, I'm not really an Azure expert. From my understanding everything has been configured 100% correctly, and the senior sysadmin also confirmed that.
Also, every time I google this situation outside osTicket, I find a lot of people who get the exact same error as me. They use the PowerShell commands from this Microsoft page to get it to work: https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
(The commands all the way down on the page.) However, that does not work for us either. Am I just completely missing something, or should I just contact Microsoft at this point?
Also, whenever I use the pre-filled scope (offline_access https://outlook.office.com/Mail.ReadWrite) when using OAuth2 - Microsoft, I get the following error:
array ( 'code' => 'InvalidAuthenticationToken', 'message' => 'Access token validation failure. Invalid audience.', 'innerError' => array ( 'date' =>
So I use a different scope as seen in the screenshot.
Also, 9/10 times when I change the Email Address Attribute, it'll put it back on EmailAddress when I click send and give me the invalid attribute error.
Edit:
I just gave it application permissions instead of delegated permissions in Azure, and for the first time ever I got the approval screen; however, this made no difference. I used the scope https://graph.microsoft.com/.default for that.
I have also tried creating a fresh osTicket server + OAuth2 plugin and Exchange mailbox; it has the exact same results.
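
An added diagnostic example, not part of the original post and not osTicket code: "Invalid audience" means the API that received the access token is not the one named in the token's `aud` claim, so decoding the token and comparing `aud` with the API host shows which scope produced a usable token. It assumes the access token is a JWT and that the rejecting API is Microsoft Graph (`graph.microsoft.com`); the function names and the sample tokens are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature.
    For diagnosis only; never base an authorization decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def scope_resources(scope):
    """Hosts named by URL-style scopes. Plain scopes such as
    offline_access name no resource and are skipped."""
    hosts = set()
    for item in scope.split():
        url = urlsplit(item)
        if url.scheme == "https" and url.hostname:
            hosts.add(url.hostname.lower())
    return hosts


def audience_matches(token, api_url):
    """True when the token's aud claim names the host of the API called."""
    aud = jwt_claims(token).get("aud", "")
    aud_host = urlsplit(aud).hostname or aud  # aud may be a URL or a bare id
    return aud_host.lower() == urlsplit(api_url).hostname.lower()


def constructed_token(aud):
    """Constructed, unsigned sample token; only the payload matters here."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud}), "sig"])


if __name__ == "__main__":
    api = "https://graph.microsoft.com/v1.0/me"  # assumed endpoint
    for scope in ("offline_access https://outlook.office.com/Mail.ReadWrite",
                  "https://graph.microsoft.com/.default"):
        host = sorted(scope_resources(scope))[0]
        token = constructed_token("https://" + host)
        print(scope, "->", "ok" if audience_matches(token, api) else "aud mismatch")
```

To check a real token, pass it to `jwt_claims` on an admin workstation and read `aud`; treat the token as a credential and do not paste it into online decoders.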