KevinTheJedi Hi Kevin, my brain hurts after such a long day... I will, however, try tomorrow and come back to you. Thanks for your assistance in advance.

KevinTheJedi,

I get an AUTHENTICATE failed using the same settings but modifications to the plugin.

    jfields

    That’s the same thing I get but @jerer says otherwise. Maybe try offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send for the scopes?

    Cheers.

    array ( 'code' => 'InvalidAuthenticationToken', 'message' => 'Access token validation failure. Invalid audience.', 'innerError' => array ( 'date' => '2024-10-01T20:38:46', 'request-id' => '<guid>', 'client-request-id' => '<guid>', ), )

      jfields

      That sounds like something isn’t configured correctly. Do you have all of these scopes added and admin consented in the app registration in Entra?

      Cheers.

      KevinTheJedi,

      This is the third account I'm setting up for this application. The previous two work fine because their token hasn't expired yet (and I'm tiptoeing around it). I can get it to authenticate just fine but then get AUTHENTICATE failed when trying to download IMAP mail.

      For as big as Microsoft is, you would think they would not change things so often or so quickly.

      KevinTheJedi,

      To get it to authenticate successfully (but fail on fetching email (AUTHENTICATE failed)) I used:
      Resource: https://graph.microsoft.com/v1.0/me
      Scopes: offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All
      Mail Address Attribute: mail

      To get it to give me the invalid token error:
      Resource: https://graph.microsoft.com/v1.0/me
      Scopes: offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send
      Mail Address Attribute: mail

      I believe this is because I'm calling scopes that are different than the Resource URL I'm reaching to get the mail attribute.
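
The mismatch described in the post above (scopes issued for one resource, user-info endpoint on another) can be checked before touching the plugin. This is an added example, not part of any post in the thread and not osTicket code; it assumes the access token is a JWT whose `aud` claim is in URL form, and the function names and sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

OIDC_SCOPES = {"offline_access", "openid", "profile", "email"}  # not tied to a resource

def origin(url: str) -> str:
    """scheme://host of a URL, or '' when the value is not URL-shaped."""
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower() if u.scheme and u.netloc else ""

def scope_resources(scopes: str) -> set:
    """Resource origins named by the fully qualified scopes in a scope string."""
    return {origin(s) for s in scopes.split() if s not in OIDC_SCOPES and origin(s)}

def jwt_audience(token: str) -> str:
    """Read the 'aud' claim from a JWT payload. Diagnostic only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    aud = json.loads(base64.urlsafe_b64decode(payload)).get("aud", "")
    return aud if isinstance(aud, str) else " ".join(aud)

def check(scopes: str, endpoint: str, token: str = "") -> list:
    """List mismatches between requested scopes, token audience and endpoint."""
    findings, target, resources = [], origin(endpoint), scope_resources(scopes)
    if len(resources) > 1:
        findings.append(f"scopes span several resources: {sorted(resources)}")
    if resources and target not in resources:
        findings.append(f"endpoint {target} is not a resource named in the scopes")
    if token:
        aud = jwt_audience(token)
        if origin(aud) and origin(aud) != target:
            findings.append(f"token aud {aud} does not match endpoint {target}")
        elif not origin(aud):
            findings.append(f"token aud {aud!r} is not a URL; compare it by hand")
    return findings

def sample_token(aud: str) -> str:
    """Constructed, unsigned JWT-shaped string for the demo (not a real token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc({'aud': aud})}.sig"

if __name__ == "__main__":
    outlook = ("offline_access https://outlook.office.com/IMAP.AccessAsUser.All "
               "https://outlook.office.com/SMTP.Send")
    for msg in check(outlook, "https://graph.microsoft.com/v1.0/me",
                     sample_token("https://outlook.office.com")):
        print(msg)
```

Run against the second configuration in the post, it reports both the scope/endpoint mismatch and the audience mismatch; the decoded token is only inspected locally and should be treated as a credential.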

        jfields

        But if you modified the plugin and database records appropriately it shouldn’t call the endpoint at all. You can try deleting the existing token via the token tab in the authentication config and changing the user endpoint to “https://outlook.office.com/api/v2.0/me” and the email attribute to “EmailAddress”.

        Cheers.

        With the given workarounds, what is the reversal if MS ends up fixing this? I'm hesitant to make direct changes to the PHP/database without a fallback.

          ognalysis

          The reversal would be to replace the unpacked plugin with the latest download from the website and reverse the DB changes, and that’s it.

          Cheers.

            KevinTheJedi I'm not that familiar with PHP. Is it as simple as just repacking the plugin instead? If so, it makes sense to me that it'd be easier to unpack, modify, and then repack the plugin instead of modifying the DB.

              I've unpacked and modified the PHP as you indicated; however, the DB settings are already as you described (install path has no .phar, and isphar is already 0). Should I just replace the whole original plugin directory with the new unpacked one?

                ognalysis

                No, there should be a folder called auth-oauth2/ within the include/plugin/ folder if you followed my steps correctly.

                Cheers.