Basic Authentication Retirement for legacy protocols in Exchange Online: Page 8

Basic Authentication Retirement for legacy protocols in Exchange Online

KevinTheJedi

Everyone,

Update on the above!

For now you still need to add/consent to email, openid, profile, User.Read, offline_access, IMAP.AccessAsUser.All, POP.AccessAsUser.All, and SMTP.Send scopes in the API Permissions but you can also add/consent to the Mail.ReadWrite scope and for the Scopes in osTicket you can simply use offline_access https://outlook.office.com/Mail.ReadWrite. We will update the defaults in the next update to reflect this. Having less default scopes is better and cleaner.

I'm currently reviewing the permissions to see if email, openid, and profile are actually needed.

Cheers.

rblake

KevinTheJedi

I'll remove them and see what happens. 😁

Edit: Change made, just waiting for them to propagate on the Microsoft side. Should have an update in a little more than an hour (to make sure the change has fully replicated).

Edit 2: Removed and not causing any issues so they are not needed.

KevinTheJedi

rblake

It’s strange because the Mail.ReadWrite permission in Azure shows the full url as a graph url but when you use that it won’t let you get a token so if you change it to an outlook url it works fine. So seems like another caveat on the MS side.

Cheers.

skot999

How close are we to a production ready version? We use Exchange Online, so fingers crossed it's prior to the 10/1 deadline!

KevinTheJedi

skot999

Still on track for before the cutoff.

Cheers.

ellisonrje

I am running 1.17 rc3 on a test box and following the instructions above I get a token successfully, but when I enable email fetching I receive the following error message "cannot select INBOX, is this a valid transport?". Are there any suggestions or troubleshooting steps I can take?

KevinTheJedi

ellisonrje

What host information are you attempting to use? Hostname, port number, etc.

Cheers.

ellisonrje

ellisonrje In case anyone else runs into this issue it was the azure license type applied to this account. I had to have it changed from A1 to A5 and then it started working.

ellisonrje

KevinTheJedi
outlook.offie365.com
port 993
protocol imap
authentication Oath2 - Microsoft
I have also tried with pop and 995 but I get a red exclamation mark at the top but no text.

oauth2-scout

I get the same error message "cannot select INBOX, is this a valid transport?" when configuring OAUTH2. Hostname : outlook.office365.com, Port: 993.

ealtman

I am running v1.12 on a standalone VM with mysql, php etc. How do I install this OATH2 plugin?

nerdyviking88

ealtman

you don't. This is a requirement of 1.17.x and is currently in RC3

oauth2-scout

I figured it out. It was the Microsoft Exchange licence that caused this issue.

Exchange Online Kiosk is not working, but Exchange Online Plan 1 does work correctly.

ealtman

nerdyviking88
I tried installing 1.17rc3 yesterday and ran into some issues but I will try again. Is the oauth built into that version, or just support for the plugin?
Thanks!

KevinTheJedi

ellisonrje

The only thing I can find on this error is that you should try port 995 instead. Try reaching out to your host for further assistance.

Cheers.

ellisonrje

KevinTheJedi Thank you for the reply but according to https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353 port 993 is the correct port for IMap. As I stated previously I did try pop (with 995) and it just gives me a red exclamation mark with no error message. If I change Imap to 995 I get an error message stating it is unable to connect to host which is to be expected.

oauth2-scout

Does the Oauth2 token renew itself or do I need to reconfigure Oauth2 everyday ?
Yesterday I activated Microsoft Oauth2, everything worked great, we received tickets, smtp worked. But today, few minutes ago, inbound tickets suddenly were stuck in the mailbox, so we had to re-confirm mailbox configuration to make it work again.

KevinTheJedi

ellisonrje

I was just telling you what I saw when I googled that error. You will need to reach out to your mail provider for further assistance.

Cheers.

margol

We have testing instance on local IP address. And when we try configure AOuth2 Microsoft, we got error from apache 404 with url: Callback Endpoint, code, state, session_state.

Anyone know, how to finish connection to Azure App?

KevinTheJedi

margol

You need to enable URL Rewriting on your webserver. We do not have documentation on this you will have to look at your webserver documentation on how to accomplish this.

Cheers.

KevinTheJedi

@oauth2-scout

So, Access Tokens will be renewed if the Refresh Token is valid. And these get updated every time they are used. So if it expired then you are probably in Test Mode in which Access Tokens fully expire after 7 days.

Cheers.

« Previous Page Next Page »