mrudella

Then I am unsure. It’s working for everyone else so it’s a config issue somewhere in your end.

Cheers.

      KevinTheJedi As I said it's not working for us either, so it's definitely not working for "everyone else". Has anyone else confirmed specifically that SMTP works for them?

          symoss mrudella

          The only thing I can recommend at this point is to maybe create a brand new App Registration in Entra and following the osTicket OAuth2 documentation exactly as it states. Also, you should now be using the Scopes of offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send.

          As long as you modify the plugin as stated above, use the correct Scopes, and authenticate as the correct user you should have no issues. I just retested with my O365 personal email and it's working as intended for both IMAP and SMTP using these instructions.

          Cheers.

              @symoss how long do you use this account?
              Maybe your certificate is outdated. You can check your client secret. It will expire all two years.

                KevinTheJedi
                i got the plugin edited, i cant seem to figure out how to manipulate our database. i was able to login to mariadb, i got to the database, and tablet contents, but im strugging to put together the right update command to change the install path and the 1 to 0. can you provide any help on this? also, im using Government 365 if that matters.

                    bbertling

                    Ahhh then you have completely different endpoints and everything. All endpoints for O365 government end in .us instead of .com. Furthermore SMTP is typically disabled for Government tenants and you typically use a relay for that.

                    As for the SQL, you should use a GUI tool instead if you don’t know how to run/write SQL statements as you can mess up quite a bit. I would recommend HeidiSQL for windows and Sequel Ace for Mac.

                    If you require a manual query you would just simply run:

                    UPDATE %TABLE_PREFIX%plugin SET `install_path` = 'plugins/auth-oauth2', `isphar` = 0 WHERE `id` = %PLUGIN_ID%;

                    Replace %TABLE_PREFIX% and %PLUGIN_ID% with their respective values.

                    Cheers.

                        KevinTheJedi
                        ok, so do i stop what im doing and make a relay connection? or can i continue to follow your instructions with HeidiSQL to get a solution? or am i the Guinea Pig to see if it works on the gov side?

                            bbertling

                            You can continue I’m just relaying my experience with these tenants. The relay should already be there however if not you can enable and use SMTP. It’s up to you.

                            Cheers.

                              @mrudella if your SMTP Authentication don't work with oAuth2, you can use basic authentification for it.
                              As far as I know, oAuth2 is only required for email fetching...

                              Thanks, that's exactly what I ended up doing. I was unable to resolve the issue any other way.

                              its working. confirmed the changes and authentication is working well.

                              @KevinTheJedi can confirm the modified plugin callback function got things running again for us

                              sharing my steps for anyone who needs a little more detail. Following KevinTheJedi's modification suggestion.
                              i enabled ssh, connected via Filezilla, found the files we needed to edit through there. was struggling to use nano to edit the file. im using MariaDB, with Kevin's suggestion, i used HEIDISQL to remotely access and view my database. i used this walk through, to enable remote access from one IP address, to the SQL database https://community.time4vps.com/discussion/636/ubuntu-how-to-allow-mysql-mariadb-remote-connections-in-ubuntu-server
                              once connected, i found OST_Plugin in my database, the data tab let me edit the Oauth2 client path, and isphar number.

                              thanks @KevinTheJedi and others

                              @KevinTheJedi can confirm that the revised plugin callback function has everything up and running again. Thanks for your help!

                              neilmcdowell I tried with Basic authentication as mentioned by @jens_E and @mrudella but it didn't work for me. I'm getting 5.7.139 error. I searched online and saw some "solutions" about using Conditional Access Policies but we don't have this enabled in our Entra subscription. The other "solution" would be to disable security defaults for all users but I didn't want to do that.

                              So back to modern authentication and I think that I finally got it working after a few hours!

                              I didn't create a new app as suggested by @KevinTheJedi , I went into the plugin in osTicket and deleted the corresponding instance(s). Then I completely deleted the email account as well (it was easy for me because we only used this account for sending). Then I created it again, used the same settings as before, but changed the Scopes to "offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send" as suggested by Kevin (don't know if this made a difference).

                              I saved and got the token, then went to the Outgoing (SMTP) tab, enabled and it worked.

                              //edit: Actually there's another difference, I was using an alias before in the account's "Email Address" field. I also changed this to the "proper" address. I was doing this because an agent also had this address so it didn't let me use it for the account, but now I switched them (put the alias to the agent and used the proper one for the account)