We have the same issue on v1.17.5 since last Sunday. We have also tried all the steps mentioned in the previous posts, but no luck. Tickets are piling up....
MS OAuth2 Error: The API version 'V2' has been depreciated.
Have the same issue, I have one instance of 1.17.4 which was fine until Friday. Yet also have another instance of 1.17.4 working absolutely fine. Have recreated the secrets in Azure a number of times and it hasn't solved the issue at present. Little lost at this point.
- Edited
The Outlook REST API (https://outlook.office.com/api/v2.0/me) has been deprecated for a really long time, and they have been progressively decommissioning those from tenants since March 31th this year.
The replacement for it is the Graph API (https://graph.microsoft.com/v1.0/me), but it cannot be used with the same access token that is used for Outlook IMAP/SMTP/POP. Wrote about it some time ago:
https://forum.osticket.com/d/96893-basic-authentication-retirement-for-legacy-protocols-in-exchange-online/101
This needs to be addressed by either creating a separate access token for Graph calls, or allowing us to skip that API call since its only used for strict email address matching (though completely disabling this from Microsoft provider is not ideal, since it's pretty easy to accidently authorize the wrong mailbox if you are logged on with it).
For now as a quick and dirty workaround I created a "mockup API"/site that returns the JSON:
{"EmailAddress": "mailbox email address here"}
jerer Hi
Can you please explain how you solved this issue?
This is my endpoints. Is there a change ?
Hi, this is just a dirty "hack" to bypass the "User details" API call. This is not a proper fix to this problem, but just something I did temporarily to get things going again. If you do this, make sure you are not logged in to any other mailbox. This bypasses the email address matching so you could accidentally start polling emails from the wrong mailbox. I recommend starting your browser in a new incognito mode just in case.
Create a ".json" file in your osticket folder (or somewhere else) with the content:
{"EmailAddress": "set your mailbox email address here"}Configure that in the "Resource details Endpoint", e.g. https://<your-osticket-host.com>/something.json
(Technically we could use any URL here that returns JSON data, but because the access token is sent to that URL don't use any public ones for security reasons)Keep the scopes as
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.SendKeep the "Email address attribute" as "EmailAddress".
If you are using multiple mailboxes, I guess you will have to uncheck email address "Strict matching" (again, make sure to logout other mailboxes first). Or you could use multiple json files/php script to handle that.
Yea we are not updating for Graph API until absolutely required because it will require us to completely rework fetching all over again and move it to API calls. This is planned for v2.0 but not for legacy. We have thousands of customers using this with no issues. Simple seems like a Microsoft issue as earlier in the thread it started working again with no changes from our side.
Cheers.
ben_werk
Not everyone is having this issue (yet) because:
- Microsoft has been decommissioning the Outlook v2 API progressively, not from all organizations at once
- The API is called only when you configure the OAuth, so valid refresh tokens will continue to work
But for example when the client secret expires (which is max 2 years) and it needs to be updated, people will be faced with this issue.
That’s not what happened in the referenced thread last time. If they truly decommissioned it then those people would still be broken but it started working again once Microsoft fixed the issue on their end.
Cheers.
I don’t believe they would kill IMAP/POP like that. Graph only supports API calls as far as I’m aware and outlook supports IMAP/POP protocols.
Cheers.
- Edited
KevinTheJedi
They are not killing Outlook IMAP/SMTP/POP, just the REST APIs.
Go ahead and try to get a graph token from graph then and use it for the imap endpoint. It simply won’t work which is why we used outlook in the first place.
Cheers.
Has anyone found a working, explainable solution to this please??? 
Maybe it’s too early and I’m not understanding you. The problem isn’t getting a graph token the problem is using the token to authenticate to IMAP/POP protocols (the only IMAP resource I know is outlook.office365.com:933 - don’t see a graph resource for this). When you authenticate using graph token it fails. Our code only supports fetching via IMAP/POP protocols we do not support fetching from retrieving mail via api calls. From all that I’ve read online graph tokens are solely used for graph api endpoints. Graph API endpoints require calling a API endpoint to retrieve mail; completely different than IMAP/POP protocols. IMAP is a protocol to fetch mail not an API endpoint. So my point is that the graph tokens are meant for graph api and graph api is only good for API calls and that essentially kills IMAP/POP which I doubt they are doing.
Cheers.
- Edited
Also, in the article you referenced directly from microsoft the recommended answer says exactly what we are already doing:
Which is calling the v2 endpoint.
Cheers.
No, that is still explaining that you must switch to API calls to retrieve mail instead of using IMAP/POP3 protocols so that's not going to help here. Our software only supports IMAP/POP3 fetching or email piping or sending emails to our API (not us calling out to retrieve mail).
Cheers.
Also having the same issue. Our Token expired yesterday, and we are unable to refresh. Verified all the endpoints, secrets, etc. are correct.