MS OAuth2 Error: The API version 'V2' has been depreciated.
array ( 'code' => 'InvalidAuthenticationToken', 'message' => 'Access token validation failure. Invalid audience.', 'innerError' => array ( 'date' => '2024-10-01T20:38:46', 'request-id' => '<guid>', 'client-request-id' => '<guid>', ), )
That sounds like something isn’t configured correctly. Do you have all of these scopes added and admin consented in the app registration in Entra?
Cheers.
KevinTheJedi,
This is the third account I'm setting up for this application. The previous two work fine because their token hasn't expired yet (and I'm tiptoeing around it). I can get it to authenticate just fine but then get AUTHENTICATE failed when trying to download IMAP mail.
For as big as Microsoft is, you would think they would not change things so often or so quickly.
KevinTheJedi,
To get it to authenticate successfully (but fail on fetching email (AUTHENTICATE failed)) I used:
Resource: https://graph.microsoft.com/v1.0/me
Scopes: offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All
Mail Address Attribute: mail
To get it to give me the invalid token error:
Resource: https://graph.microsoft.com/v1.0/me
Scopes: offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send
Mail Address Attribute: mail
I believe this is because I'm calling scopes that are different than the Resource URL I'm reaching to get the mail attribute.
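An added example, not part of the post above and not code from osTicket or its OAuth2 plugin: a small diagnostic that compares the host of the resource-qualified scopes, the user-info endpoint, and (optionally) the `aud` claim of an access token, using the three Resource/Scopes combinations mentioned in this thread. The function names and the sample token are constructed for illustration; the check covers only scope/endpoint/audience agreement and says nothing about whether the IMAP server will accept the token.

```python
import base64
import json
from urllib.parse import urlparse

def scope_hosts(scopes):
    """Hosts of resource-qualified scopes; offline_access etc. name no resource."""
    hosts = {urlparse(s).netloc.lower() for s in scopes.split()}
    return hosts - {""}

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check(user_endpoint, scopes, token=None):
    """Return human-readable mismatches between scopes, endpoint and token aud."""
    findings = []
    api_host = urlparse(user_endpoint).netloc.lower()
    hosts = scope_hosts(scopes)
    if len(hosts) > 1:
        findings.append(f"scopes span several resources: {sorted(hosts)}")
    if hosts and api_host not in hosts:
        findings.append(f"scopes target {sorted(hosts)}, endpoint is {api_host}")
    if token:
        aud_host = urlparse(str(jwt_claims(token).get("aud", ""))).netloc.lower()
        # A GUID-style aud has no host and cannot be compared here.
        if aud_host and aud_host != api_host:
            findings.append(f"token aud is {aud_host}, endpoint is {api_host}")
    return findings

def make_sample_token(aud):
    """Constructed, unsigned sample token; not a real Microsoft token."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{seg({'alg': 'none'})}.{seg({'aud': aud})}.constructed"

GRAPH_ME = "https://graph.microsoft.com/v1.0/me"
OUTLOOK_ME = "https://outlook.office.com/api/v2.0/me"
GRAPH_SCOPES = "offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All"
OUTLOOK_SCOPES = ("offline_access https://outlook.office.com/IMAP.AccessAsUser.All "
                  "https://outlook.office.com/SMTP.Send")

if __name__ == "__main__":
    tok = make_sample_token("https://outlook.office.com")
    for endpoint, scopes in [(GRAPH_ME, GRAPH_SCOPES), (GRAPH_ME, OUTLOOK_SCOPES),
                             (OUTLOOK_ME, OUTLOOK_SCOPES)]:
        t = tok if "outlook" in scopes else None
        print(endpoint, "->", check(endpoint, scopes, t) or "consistent")
```

Decoded claims only show what the token says about itself; the resource server still validates the signature and audience, so treat real tokens passed to this script as secrets and keep them out of logs.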
But if you modified the plugin and database records appropriately it shouldn’t call the endpoint at all. You can try deleting the existing token via token tab in authentication config and changing the user endpoint to “https://outlook.office.com/api/v2.0/me” and email attribute to “EmailAddress”.
Cheers.
KevinTheJedi In the event someone else doesn't, I do.
We're dead in the water with the API broken, handling tickets manually.
With the given workarounds, what is the reversal if MS ends up fixing this? I'm hesitant to make direct changes to the PHP/database without a fallback.
The reversal would be to replace the unpacked plugin with the latest download from the website, reverse the db changes, and that’s it.
Cheers.
KevinTheJedi I'm not this familiar with php, is it as simple to just repack the plugin instead? If so, it makes sense to me that it'd be easier to unpack, modify, and then repack the plugin instead of modifying the DB.
ognalysis Sure go for it.
KevinTheJedi I was hoping you maybe had a oneliner for packing it. If not, nbd, just wanted to ask.
I've unpacked and modified the php as you indicated, however, the DB settings are already as you described (install path has no .phar, and isphar is already 0). Should I just replace the whole original plugin directory with the new unpacked one?
No, there should be a folder called auth-oauth2/ within the include/plugin/ folder if you followed my steps correctly.
Cheers.
KevinTheJedi There is, but within that folder, it looks like the phar is already unpacked.
I went ahead and just copied the changes to the existing oauth2.php, no db modifications, and reran the token refresh. No error, and I just got the ticket generations. As far as I can immediately tell, your changes worked.
EDIT: for reference, we're on 1.17.2, using a custom domain within Exchange Online (no outlook.com or onmicrosoft.com)
After getting a token successfully can you save changes with the Remote Mailbox tab Status set to Enable?
Cheers.
Okay, so from what I’m gathering, it appears that @outlook.com emails must be special and are still broken; however, business emails and Exchange Online emails should be fine after the plugin changes. Let’s hope they fix personal emails, otherwise they will be in hot water.