KevinTheJedi Although I already bypassed it the other way, I still would like to confirm I tested this modification and it works. Thanks for looking into this!
jerer
So I’m assuming my account is just fucked up then. Because I always had a dev account but it expired so now I’m using my personal account and this is the one that’s not authenticating (yes I created a brand new registration using the personal account, etc.). I contacted MS to see what’s going on so unfortunately I’m at their mercy. Glad my changes are working for you though. Once I get more confirmations I’ll clean it up and make it legit.
Cheers.
I've modified the plugin... What other settings should we use for the Auth, Token and Scopes?
jfields
Same everything just do the modifications listed in the post.
KevinTheJedi Hi Kevin, My brain hurts after such a long day... I will however try tomorrow and come back to you. Thanks for your assistance in advance.
KevinTheJedi,
I get an AUTHENTICATE failed using the same settings but modifications to the plugin.
That’s the same thing I get but @jerer says otherwise. Maybe try offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send for the scopes?
offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send
array ( 'code' => 'InvalidAuthenticationToken', 'message' => 'Access token validation failure. Invalid audience.', 'innerError' => array ( 'date' => '2024-10-01T20:38:46', 'request-id' => '<guid>', 'client-request-id' => '<guid>', ), )
That sounds like something isn’t configured correctly. Do you have all of these scopes added and admin consented in the app registration in entra?
This is the third account I'm setting up for this application. The previous two work fine because their token hasn't expired yet (and I'm tiptoeing around it). I can get it to authenticate just fine but then get AUTHENTICATE failed when trying to download IMAP mail.
For as big as Microsoft is, you would think they would not change things so often or so quickly.
To get it to authenticate successfully (but fail on fetching email (AUTHENTICATE failed)) I used: Resource: https://graph.microsoft.com/v1.0/me Scopes: offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All Mail Address Attribute: mail
To get it to give me the invalid token error: Resource: https://graph.microsoft.com/v1.0/me Scopes: offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send Mail Address Attribute: mail
I believe this is because I'm calling scopes that are different than the Resource URL I'm reaching to get the mail attribute.
But if you modified the plugin and database records appropriately it shouldn’t call the endpoint at all. You can try deleting the existing token via token tab in authentication config and changing the user endpoint to “ https://outlook.office.com/api/v2.0/me” and email attribute to “EmailAddress”.
Do you have @outlook.com addresses or a business account with a custom domain?
KevinTheJedi In the event someone else doesn't, I do. We're dead in the water with the API broken, handling tickets manually.
ognalysis
Please go ahead and test.
With the given workarounds, what is the reversal if MS ends up fixing this? I'm hesitant to make direct changes to the PHP/database without a fallback.
The reversal would be to replace the unpacked plugin with the latest download from the website, reversing the db changes, and that’s it.
KevinTheJedi I'm not this familiar with php, is it as simple to just repack the plugin instead? If so, it makes sense to me that it'd be easier to unpack, modify, and then repack the plugin instead of modifying the DB.
ognalysis Sure go for it.
KevinTheJedi I was hoping you maybe had a oneliner for packing it. If not, nbd, just wanted to ask.
Not on-hand no. I package plugins using official commands 😉
