I've sucessfully installed RC3 and updated plugin, I have generated a token. but when I try to enable the service it fails with no error message.
am I missing something?
Basic Authentication Retirement for legacy protocols in Exchange Online
Hello Andy_B
Here are my settings
I am using In Azure AD Apps / Authentication the any Organization entry
Still my SMTP problem exists.
Hope I can help you.
KevinTheJedi
Hi Kevin,
I've installed RC3. Now I'm getting Invalid Email Attribute error.
Please find the screen shot below.
Nobody any Idea for my SMTP problem?
And when I use same as Remote Mailbox i got
- Edited
It seems like your Mailbox Authentication info is not complete or is not properly setup. It's saying Configure Mailbox Authentication so check your Mailbox Authentication settings to confirm you can get a token and save changes successfully.
Cheers.
- Edited
Hello Kevin,
thanks for the answer, It was an Internal Problem of our firewall Port 587 for outgoing SMTP was blocked. Now It works . Thanks good Job
Stephan
13 days later
- Edited
Everyone,
Thanks to the wonderful @rblake we now confirmed a working setup with Microsoft and OAuth2! Below are the settings you'll need.
Go to the Azure Portal > App Registrations and create a new Application. Set the Supported account types to Multiple Organization (if available) and set the Redirect URI > Platform to Web and set the actual URL to the one provided by osTicket. Now go to the Application and API Permissions > Microsoft Graph > Delegated Permissions. Here you will add email, openid, profile, User.Read, offline_access, IMAP.AccessAsUser.All, POP.AccessAsUser.All, and SMTP.Send. Once added make sure you Grant Admin Consent to the scopes.
Now you can go to App Registrations > click the App > and click Authentication tab. Here you will enable the options Access Tokens and ID Tokens and Save the changes.
Next you will need to create your Client Secret so click the Certificates & Secrets tab. Click New Client Secret and create a new secret. Once you have this copy the secret and save it somewhere. Now you need to get your Client ID so go to the Overview tab and copy the Application (client) ID and save it somewhere.
Next, you need to get the correct endpoints so click Overview tab and at the very top you should see and Endpoints blade. Click this and you should see the correct OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) endpoints. Copy these and save them somewhere.
Lastly, we need to configure osTicket so go to the email in osTicket, select OAuth2 - Microsoft, and click Configure. Now you can enter your Client ID, Client Secret, keep the scopes as the defaults, set your Authorization Endpoint to the one you saved earlier, set your Token Endpoint to the one you saved earlier, keep Resource Details Endpoint as default, change Email Address Attribute to EmailAddress, and click Submit.
Once you click submit you should be redirected to login. Make sure you are logging in with the correct account. Once you login you may be met with a consent screen so consent and when redirected back to osTicket you should have successfully received a token. You can verify this with a successful green banner and clicking Configure again and see a Token tab. Once you have a Token you should be able to enable IMAP (or POP) and save changes.
Edit:
MS finally fixed my developer account issues and I was able to confirm the above works for me as well! So glad we were finally able to confirm MS as a provider! We are so close to releasing stable! We have a few bug fixes and we are adding PHP 8.1 support so expect at least an RC4 and a new build of the plugin soon. Shortly after v1.17 stable should be ready!
Cheers.
Everyone,
Update on the above!
For now you still need to add/consent to email, openid, profile, User.Read, offline_access, IMAP.AccessAsUser.All, POP.AccessAsUser.All, and SMTP.Send scopes in the API Permissions but you can also add/consent to the Mail.ReadWrite scope and for the Scopes in osTicket you can simply use offline_access https://outlook.office.com/Mail.ReadWrite. We will update the defaults in the next update to reflect this. Having less default scopes is better and cleaner.
I'm currently reviewing the permissions to see if email, openid, and profile are actually needed.
Cheers.
- Edited
I'll remove them and see what happens. 
Edit: Change made, just waiting for them to propagate on the Microsoft side. Should have an update in a little more than an hour (to make sure the change has fully replicated).
Edit 2: Removed and not causing any issues so they are not needed.
Itโs strange because the Mail.ReadWrite permission in Azure shows the full url as a graph url but when you use that it wonโt let you get a token so if you change it to an outlook url it works fine. So seems like another caveat on the MS side.
Cheers.
15 days later
How close are we to a production ready version? We use Exchange Online, so fingers crossed it's prior to the 10/1 deadline!
I am running 1.17 rc3 on a test box and following the instructions above I get a token successfully, but when I enable email fetching I receive the following error message "cannot select INBOX, is this a valid transport?". Are there any suggestions or troubleshooting steps I can take?
I get the same error message "cannot select INBOX, is this a valid transport?" when configuring OAUTH2. Hostname : outlook.office365.com, Port: 993.
I am running v1.12 on a standalone VM with mysql, php etc. How do I install this OATH2 plugin?
