You can continue I’m just relaying my experience with these tenants. The relay should already be there however if not you can enable and use SMTP. It’s up to you.
Cheers.
MS OAuth2 Error: The API version 'V2' has been depreciated.
Thanks, that's exactly what I ended up doing. I was unable to resolve the issue any other way.
- Edited
its working. confirmed the changes and authentication is working well.
@KevinTheJedi can confirm the modified plugin callback function got things running again for us
sharing my steps for anyone who needs a little more detail. Following KevinTheJedi's modification suggestion.
i enabled ssh, connected via Filezilla, found the files we needed to edit through there. was struggling to use nano to edit the file. im using MariaDB, with Kevin's suggestion, i used HEIDISQL to remotely access and view my database. i used this walk through, to enable remote access from one IP address, to the SQL database https://community.time4vps.com/discussion/636/ubuntu-how-to-allow-mysql-mariadb-remote-connections-in-ubuntu-server
once connected, i found OST_Plugin in my database, the data tab let me edit the Oauth2 client path, and isphar number.
thanks @KevinTheJedi and others
@KevinTheJedi can confirm that the revised plugin callback function has everything up and running again. Thanks for your help!
- Edited
neilmcdowell I tried with Basic authentication as mentioned by @jens_E and @mrudella but it didn't work for me. I'm getting 5.7.139 error. I searched online and saw some "solutions" about using Conditional Access Policies but we don't have this enabled in our Entra subscription. The other "solution" would be to disable security defaults for all users but I didn't want to do that.
So back to modern authentication and I think that I finally got it working after a few hours!
I didn't create a new app as suggested by @KevinTheJedi , I went into the plugin in osTicket and deleted the corresponding instance(s). Then I completely deleted the email account as well (it was easy for me because we only used this account for sending). Then I created it again, used the same settings as before, but changed the Scopes to "offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send" as suggested by Kevin (don't know if this made a difference).
I saved and got the token, then went to the Outgoing (SMTP) tab, enabled and it worked.
//edit: Actually there's another difference, I was using an alias before in the account's "Email Address" field. I also changed this to the "proper" address. I was doing this because an agent also had this address so it didn't let me use it for the account, but now I switched them (put the alias to the agent and used the proper one for the account)
symoss Thanks for coming back to me. Much appreciated. I got it working using basic authentication but I'd much prefer to have all access working through Oauth2. Maybe I'll recreate it all when time allows.
KevinTheJedi
Hey Kevin.
The code changes you did here worked fine, but we also had to apply the scope change of offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send from jerer (https://forum.osticket.com/d/105728-ms-oauth2-error-the-api-version-v2-has-been-depreciated/12) to make it accept the scopes. With the combined changes, it seems to work as expected with MS365 accounts (business, not personal, addresses).
I will admit this seems like a hacky approach having the changes in the plugin and the scope changes, but otherwise it wouldn't send AND receive properly.
Of course, all of that was explained above in this thread. I even mentioned the scopes at some point as well.
Of course it “feels hacky” because you are modifying the code directly. The same changes will be included in the official build so nothing hacky about it. The scopes are actually recommended by ms themselves so nothing hacky about that either.
Cheers.
KevinTheJedi I apologize as I am trying to follow your solution. I run Powershell as an admin, run the CD command to the plugin directory and run the exact command, but I am not seeing the output. Is the oauth2.php file expected to be in the parent directory or should the command be creating a "auth-oauth2" directory and placing the file there? I am confident I can follow the rest of what you have outlined, but I am not seeing what I would gather to be the expected result from the "php -r" command.
The expected result is a new folder called the same thing as the plugin minus the extension. It creares an unpackaged version of the PHAR file with all files in it. So run the command and open the file within the new folder.
Cheers.
I'm stuck at the database edit. Where do I have to edit the path?
Nevermind I was able to solve it. Thanks a lot for the great help KevinTheJedi
KevinTheJedi "The same changes will be included in the official build". When will the official build be released? Thank you.
KevinTheJedi Thanks. I will have to look into why it is not creating the directory as expected.
KevinTheJedi Terribly sorry, I just can't get the .phar to extract to the new directory. Running PHP version 8.1.6, open elevated powershell, cd to the plugin directory and run the code as written. I have also tried running the lines separately and by using php -a to run the commands in an interactive shell. Still no dice.
I’m not sure then..I am no windows expert. I would research online for alternative ways. Some sites will unpack it for you although I don’t trust 3rd party sites.
Cheers.
KevinTheJedi I'll keep looking, thanks. Many sites just talk about packaging the phar archive, not much to go on for unpacking. When I figure it out, I will post for others.