patricksmithosticket

This issue is definitely related to AllowOverride module in Apache. You need to go to your sites-available file for the osTicket site or the main httpd.conf and change the AllowOverride module to All.

Cheers.

@jerer

Yes, I was able to confirm we need to use outlook scope URLs, the v2.0 Resource Owner Endpoint, but the attribute is in fact mail. You just need to go to the User in Azure AD, edit the User, and add their email to the Contact Information Form Email Address field. They really need to get their stuff together man. I guess this is what they mean by Microsoft Hell.

Cheers.

Thank you Kevin. Do I have to change the AllowOverride none to AllowOverride All in the /etc/apache2/apache2.conf file?

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>

    @jerer

    Were you able to successfully test fetching? My account is still not migrated so I cannot test IMAP/POP nor SMTP yet (unless I make a new trial account).

    Cheers.

      Done, but unfortunately I get the same message when saving the OAuth2 configuration.

      ~# nano /etc/apache2/apache2.conf
      :~# service apache2 restart

      Or do I also have to adjust this on the site-available location of this specific site?

        patricksmithosticket

        As I mentioned earlier:

        You need to go to your sites-available file for the osTicket site or the main httpd.conf and change the AllowOverride module to All.

        Which means you should do this in your sites-available and if you don't have that then the main config.

        Cheers.

        OK, clear. Adjusted in the main and at site level, but unfortunately I keep getting the same message back.

        KevinTheJedi

        Yes fetching works using IMAP. Also SMTP works with oauth. Edit: POP works too.

        About the mail attribute, I have the email set also in the Contact Information form but the API still doesn't return the "mail" property at all. I wonder if this is a Personal vs Exchange thing or something. Also there is no "mail" property in https://outlook.office.com/api/v2.0/$metadata

          jerer

          Very strange, as when I dumped the attributes I get from the v2.0 user endpoint I got all the correct attributes as expected: mail, givenname, and surname.

          Cheers.

          @jerer @KevinTheJedi
          Just for info, I've handled my issues. Now I'm correctly fetching emails in OAuth2 with the modification proposed by jerer at attr_email and attr_username, in conjunction with the latest commit of protich.
          I was having two misconfigurations:

          1. Typo in a URL rewriter of IIS
          2. Error in app registration configuration, where "Allow public client flows" must be set to "No"

          Hope this helps someone!

          Cheers

          Not contributing much to the convo, but thought I'd chime in with I'm also getting the "invalid_client" issue. Have followed all of the advice here, still hitting it. Will try unpacking that .phar and trying those edits @jerer has mentioned tomorrow. It's been a long day with other "sinking ship" items 😅

          Context: Running this in a fairly large enterprise Azure tenant w/ hybrid mail. If anyone needs me to test things on the Azure end, let me know.

          I am also getting "invalid_client" with the plugin. I'm pulling my hair out on this one!! haha

          Here are my OAuth2 app settings:

          Here is my endpoint from Azure:

          Here is my Client ID:

          Here is my Secret ID:

          My Redirect:

          My Permissions:

          Hi, also getting "invalid_client" when saving Auth2 Config, but when I enable email fetching the error changes to "Configure Authentication"


          Is there a link to the v2 oauth2.phar file?

          I've tried to follow the instructions on github but I'm hitting some errors

            Andy_B

            No, we will build and provide the new plugin once RC2 is released. You are welcome to get the source code for the plugin and hydrate and build it yourself.

            Cheers.

            @KevinTheJedi Is Outlook v2.0 API being deprecated (and decommissioned soon) going to be addressed in RC2/stable?

            • I think the API usage could be made optional since it shouldn't be really needed when used for IMAP/POP/SMTP.
            • The alternative is to use Graph API, but this requires getting another access token because Microsoft doesn't support Graph+outlook.office.com scopes in a single access token.

              jerer

              For now just Modern Auth via IMAP/POP and SMTP protocols. If they restrict fetching to the graph api then people are screwed. If that’s the case then you’d need a library/sdk for every provider to use their specific API which is not feasible. They should allow IMAP/POP and SMTP protocols for OAuth2. Unless I’m misinterpreting what you are saying.

              Cheers.

                KevinTheJedi

                What I mean is Microsoft has deprecated the https://outlook.office.com/api/v2.0 APIs, but https://outlook.office.com/IMAP...ETC scopes (not Graph) need to be used for IMAP/SMTP/POP XOAUTH2 to work. AFAIK, Microsoft has not announced any changes coming to the IMAP/SMTP/POP scopes.

                So yes Graph APIs are the replacement for https://outlook.office.com/api/v2.0, but the problem is the Graph APIs cannot be used with the same access token we use for https://outlook.office.com/IMAP/SMTP/POP scopes.

                https://stackoverflow.com/a/61678485
                https://stackoverflow.com/a/65289990

                https://docs.microsoft.com/en-us/answers/questions/700838/%EF%BD%87%EF%BD%85%EF%BD%94%EF%BD%95%EF%BD%93%EF%BD%85%EF%BD%92%EF%BD%89%EF%BD%8E%EF%BD%86%EF%BD%8F%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%94%EF%BD%81%EF%BD%90%EF%BD%89%EF%BD%92%EF%BD%85%EF%BD%93%EF%BD%90%EF%BD%8F%EF%BD%8E%EF%BD%93%EF%BD%85%EF%BD%97%EF%BD%89%EF%BD%94%EF%BD%88%EF%BD%97%EF%BD%89%EF%BD%94%EF%BD%88%EF%BD%93%EF%BD%83%EF%BD%8F%EF%BD%90%EF%BD%85openid-prof.html

                I hope this makes it more clear what I'm concerned about.
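The one-resource-per-access-token constraint described in the post above, as an added example that is not part of the thread or of the osTicket plugin: it groups a requested scope list by resource and splits it into one token request per resource. The function names and the sample scope list are constructed for illustration; the mail scope names are the Microsoft-documented ones, which the thread does not spell out.

```python
from urllib.parse import urlsplit

# OpenID Connect scopes are not tied to a resource and may ride along
# with any single-resource request.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
GRAPH = "https://graph.microsoft.com"

def resource_of(scope):
    """Return the resource (token audience) a scope belongs to, or None for OIDC scopes."""
    if scope in OIDC_SCOPES:
        return None
    parts = urlsplit(scope)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}".lower()
    # On the v2.0 endpoint a bare scope name (no resource prefix) means Microsoft Graph.
    return GRAPH

def resources_in(scopes):
    """Sorted list of distinct resources named by a scope list."""
    return sorted({r for r in map(resource_of, scopes) if r is not None})

def plan_token_requests(scopes):
    """Split a mixed scope list into one scope list per resource.

    Each entry is a separate token request: an access token carries a
    single audience, so Graph and outlook.office.com scopes cannot share one.
    """
    oidc = [s for s in scopes if resource_of(s) is None]
    plan = {}
    for s in scopes:
        res = resource_of(s)
        if res is not None:
            plan.setdefault(res, list(oidc)).append(s)
    return plan

# Constructed sample: mail-protocol scopes mixed with a Graph profile scope.
SAMPLE_SCOPES = [
    "offline_access",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
    "User.Read",
]

if __name__ == "__main__":
    found = resources_in(SAMPLE_SCOPES)
    if len(found) > 1:
        print("mixed resources, one token request needed per resource:")
    for res, scope_list in plan_token_requests(SAMPLE_SCOPES).items():
        print(f"  {res}: scope={' '.join(scope_list)}")
```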

                  jerer

                  I see. I think we are going to cross that bridge when we get closer. For now we are making v1.17 stable and then look at the outlook api url deprecation.

                  Cheers.