jens_E Yeah, i edited the oauth2.php file with the changes under OAuth2AuthBackend
MS OAuth2 Error: The API version 'V2' has been depreciated.
jens_E I did everything and the plugin is installed but when i try to configure the authentication i get this:
jens_E where can i find it?
I don't know your System. So I can't say, where you can find this logs.
jens_E I think i will wait till the updated plugin comes out... I literally can't figure out what i'm doing wrong...
For example now i have two identical plugin to install, and one of them gets me the http error 500
Checking in to say the fix worked for me. I used DBeaver as another use above demonstrated to make changes to the (MySQL) database, and it worked great.
Kevin, any updates to when the updated plugin will be released? I'm also having a difficult time making the changes. I have not been successful. For now, i'm working tickets out of the mailbox itself. We would even pay support to update the plugin if possible.
He stated in another thread next release cycle.
We actually should have a build of the OAuth2 plugin ready much sooner than that. We are wrapping up the changes for aliases, etc. now and looking at pushing the new build to the website’s download page next week. We don’t allow PHAR uploads on this Forum for security reasons; otherwise I would’ve had a build up this whole time.
Things to keep in mind if it’s not working:
- Make sure the plugin folder and all files are fully extracted. If you’re using Windows switch the quotes around (single to double and vice versa) in the extraction command.
- Check your
include/ost-config.phpfile to make sure you are modifying the correct database. - As I’ve stated before in this thread there are multiple
callback()functions in the plugin’soauth2.phpfile so you need to replace the one for theOAuth2EmailAuthBackendbackend specifically. Make sure you replace the entire function. - Make sure the database changes are saved properly by running SELECT queries afterwards.
- Make sure that for each system email you login to osTicket in incognito window and when you are brought to Microsoft you login as the email itself. As stated earlier in this thread aliases, resource emails, and shared mailboxes WILL NOT WORK at this time until the new build is released.
- Make sure you restart the web server and PHP-FPM (if you’re running it) to clear any file cache. PHAR files tend to be aggressively cached.
Cheers.
- Edited
Hi KevinTheJedi ,
I had apply your patch 2 or 3 weeks ago, and oauth2 had working again.
But today, the token expired and now I have the error message "invalid_client" ...
I don't hunderstand why it suddundly happened ...
Can you help us ?
Tank you !
Our system was functioning until yesterday. I have a ticket open with Microsoft to find out how to resolve the issue.
Do any of these point to a solution?
https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/api-reference/v2.0/
Transition from API v1.0 to API v2.0
Not sure, but someone else had this very same issue earlier in this thread and they found out their certificate expired and needed to be renewed and updated in the email OAuth2 config.
Cheers.
- Edited
!!! ATTENTION EVERYONE !!!
A new build of the OAuth2 plugin with full support for all types of emails is now live on the downloads page.
** IMPORTANT NOTES: **
- This requires you to apply a patch for the core codebase.
- After installing the new build of plugin you should update all emails using OAuth2 just to be certain you are up-to-date.
- If you are currently using the un-PHARed plugin make sure you update the database and set the
install_pathandispharvalues back to their original values (ie.plugins/auth-oauth2.pharand1respectively).
Follow the below steps to ensure you are up-to-date with the Microsoft changes:
- Login to osTicket in incognito/private browsing window (repeat for each email to prevent authorizing the wrong account each time)
- Click on a system email with OAuth2 configured
- Click Config in Remote Mailbox tab
- If using hared mailbox/resource email/alias email ensure the Strict Matching checkbox is disabled (unchecked) in the Info tab
- Fully replace the Scopes value with
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send - Submit the popup
- Login as the email itself -OR- if using shared mailbox/resource email/alias email sign in to the Service Account/User Account that has full Send As and Read and Manage permissions to the mailbox
- Consent to the requested permissions
- Once complete you should be redirected back to osTicket with a success banner. If however you are using a shared mailbox/resource email/alias email and you get an error about mismatching emails on the first submission, simply resubmit the popup and it should go through the second time.
- Repeat these steps for the Outgoing SMTP tab if it has separate OAuth2 Authentication configured (ie. if SMTP Authentication is set to "OAuth2 - Microsoft")
Once you have a new token you should be good to go. 
Just to note, a new set of releases for both 1.17.x and 1.18.x will be released soon that will contain the above core codebase patch.
If we are using OSTICKET on a hosting provider i.e Krystal UK how do we apply the changes on the backend, before doing the GUI changes?
You would need to contact your hosting provider as each provider is different. Depends on if they have CPanel, or SSH, etc.
Cheers.
- Edited
But once you get access to your backend you can upload the new build of plugin to the include/plugins/ folder of your osTicket site overwriting the currently installed PHAR file. Then modify the needed core codebase files shown in the referenced pull request. You can modify the file with any editor you are comfortable with. If you aren’t comfortable doing so GitHub allows you to view and download the full files in the pull request. Go to the pull request, click Files Changed, click the three dots on the bar with the file name in it, click View File, click the three dots on the bar with Code/Blame, click Download (or press Ctrl + Shift + S), and upload the file to the matching location in your site folder overwriting the existing file. Repeat for each file in the pull request until you have replaced all the needed files. From there you should be good to go to follow the GUI steps.
Cheers.
after Doing all steps , after authenticated the email , it return to ostickets home page , not the email configuration page
KevinTheJedi
Just to make sure I am understanding correctly
Downloading new OAuth2 plugin and installing then applying this? This requires you to apply a patch for the core codebase.
or before installing new OAuth2 plugin?
Whatever order you want. Both simply have to be done before doing changes in the UI.
Cheers.
tamer229
KevinTheJedi please help
It sounds like you configured the app registration or plugin incorrectly. Go follow the steps in the documentation to ensure you did everything correctly:
Cheers.
KevinTheJedi
everything was fine till I tried to configure the new plugin and modify the PHP files
That doesn’t really help much. Things can change, secrets can expire, etc. I would recommend going over the PHP changes you made to ensure you did them correctly. Then double check your plugin and app registration settings as shown in the docs. If you still have issues I’d recommend configuring a new app registration and reconfiguring the email in osTicket.
Cheers.
I've only had to upload the new th-oauth2.phar and then as soon as i re-apply the token it was successful and started pulling down emails again.?!
I would still make changes to the core codebase but glad it's working for you!
Cheers.
KevinTheJedi
Thank you very much for a quick fix, it works just fine
Very much appreciated
Thanks a million! Our helpdesk is back! Thanks Kevin and team, as well as community!
- Edited
Ok I have tried for 3 hours now and I can't get the token to work, I keep getting this message:
Credentials: Required option not passed: "access_token"
I have the same issue as a user above where after connecting to Microsoft it just returns to the homepage for OSTicket.
Sounds like something is misconfigured within the email configurations or app registration. I would recommend creating a new app registration by following the steps in the documentation, replacing the needed information in the email configurations to match the new app, replace the Scopes with the ones I posted above, and then submit the popup. Keep in mind you should be doing so in an incognito/private window to avoid authorizing the wrong account.
Cheers.
KevinTheJedi Thanks yes I have tried all that as well as deleting and recreating the plugin and email accounts. .
So you have done ALL of the following and still have issues?
- Downloaded the new build of OAuth2 plugin from the osTicket download page.
- Replaced your existing auth-oauth2.phar file with the new one.
- You’ve made these changes in your code.
- You’ve restarted your web server (and PHP-FPM if you’re running it) to clear any server-side file caching. If using a hosting provider they will likely have additional file caching and if that’s the case reach out to ask how to clear said cache.
- Opened an incognito/private window.
- Navigated to your system email in osTicket.
- Clicked Remote Mailbox and clicked Config.
- Deleted the existing token (if one).
- Clicked IdP Config.
- Replaced the Scopes with
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send. - Submitted the popup.
- Logged in as the email you are configuring in osTicket.
- Consented to the permissions.
- Redirected back to the email in osTicket with a success banner.
If so then I’m not sure what’s happening and you would simply need to post everything you have so we can try to help you. I simply cannot replicate this.
Cheers.
KevinTheJedi
Yesterday we ran in this problem, after editing the plugin its working fine.
We're using exchange online usermailbox with 2FA.
Thanks.
jerer hi, i modified the url and create the file j.son, but noew i have this error in authentication cURL error 60: SSL certificate problem: self-signed certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) Can you help me?
... simply scroll up and read:
… or read here:
Cheers.
12 days later
- Edited
KevinTheJedi
Hello Kevin,
I followed all the steps in your "https://forum.osticket.com/d/105728-ms-oauth2-error-the-api-version-v2-has-been-depreciated/242" but every time I am being redirected to the support ticket main page once I am providing the email credentials, not getting the popup to consent and hence no token renewal and no success page.
Can you provide some help please.
everything was working fine till Saturday and since then its down.
Then you are not doing something right. Please follow the guide here step-by-step:
Once you get to the Outlook Scopes field replace the default value with this: offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send
Then when you submit the popup and go to microsoft, you login as the email you are configuring in osTicket. Then you consent to the permissions and you should be good. If you have to request consent from an admin this will not work. Your admin will need to consent on behalf of the org in the enterprise applications or allow users to consent themselves.
Cheers.
I recreated the whole email but again same thing. after updating the OAuth2 plugin, I am not getting "resource detail" and "email address attribute" is there something i am missing 