Everyone,

Update on the above!

For now you still need to add/consent to the email, openid, profile, User.Read, offline_access, IMAP.AccessAsUser.All, POP.AccessAsUser.All, and SMTP.Send scopes in the API Permissions, but you can also add/consent to the Mail.ReadWrite scope, and for the Scopes in osTicket you can simply use offline_access https://outlook.office.com/Mail.ReadWrite. We will update the defaults in the next update to reflect this. Having fewer default scopes is better and cleaner.

I'm currently reviewing the permissions to see if email, openid, and profile are actually needed.

Cheers.

    KevinTheJedi

    I'll remove them and see what happens. 😁

    Edit: Change made, just waiting for them to propagate on the Microsoft side. Should have an update in a little more than an hour (to make sure the change has fully replicated).

    Edit 2: Removed and not causing any issues so they are not needed.

      rblake

      It’s strange because the Mail.ReadWrite permission in Azure shows the full URL as a Graph URL, but when you use that it won’t let you get a token, so if you change it to an Outlook URL it works fine. So it seems like another caveat on the MS side.

      Cheers.

      15 days later

      How close are we to a production ready version? We use Exchange Online, so fingers crossed it's prior to the 10/1 deadline!

        I am running 1.17 rc3 on a test box and following the instructions above I get a token successfully, but when I enable email fetching I receive the following error message "cannot select INBOX, is this a valid transport?". Are there any suggestions or troubleshooting steps I can take?

          I get the same error message "cannot select INBOX, is this a valid transport?" when configuring OAUTH2. Hostname : outlook.office365.com, Port: 993.

          I am running v1.12 on a standalone VM with mysql, php etc. How do I install this OAuth2 plugin?

            I figured it out. It was the Microsoft Exchange licence that caused this issue.

            Exchange Online Kiosk is not working, but Exchange Online Plan 1 does work correctly.

            KevinTheJedi
            outlook.offie365.com
            port 993
            protocol imap
            authentication OAuth2 - Microsoft
            I have also tried with pop and 995 but I get a red exclamation mark at the top but no text.

              ellisonrje

              The only thing I can find on this error is that you should try port 995 instead. Try reaching out to your host for further assistance.

              Cheers.

                Does the OAuth2 token renew itself or do I need to reconfigure OAuth2 every day?
                Yesterday I activated Microsoft OAuth2, everything worked great, we received tickets, SMTP worked. But today, a few minutes ago, inbound tickets suddenly were stuck in the mailbox, so we had to re-confirm the mailbox configuration to make it work again.

                nerdyviking88
                I tried installing 1.17rc3 yesterday and ran into some issues but I will try again. Is the oauth built into that version, or just support for the plugin?
                Thanks!

                KevinTheJedi Thank you for the reply, but according to https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353 port 993 is the correct port for IMAP. As I stated previously, I did try POP (with 995) and it just gives me a red exclamation mark with no error message. If I change IMAP to 995 I get an error message stating it is unable to connect to host, which is to be expected.

                  We have a testing instance on a local IP address. When we try to configure OAuth2 Microsoft, we get a 404 error from Apache with the URL: Callback Endpoint, code, state, session_state.

                  Does anyone know how to finish the connection to the Azure App?

                    margol

                    You need to enable URL Rewriting on your webserver. We do not have documentation on this; you will have to look at your webserver documentation on how to accomplish this.

                    Cheers.

                    ellisonrje

                    I was just telling you what I saw when I googled that error. You will need to reach out to your mail provider for further assistance.

                    Cheers.

                    @oauth2-scout

                    So, Access Tokens will be renewed if the Refresh Token is valid. And these get updated every time they are used. So if it expired then you are probably in Test Mode in which Access Tokens fully expire after 7 days.

                    Cheers.
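
Added example, not part of the thread and not osTicket's code: a pre-flight check for the scope string discussed above, plus the stored-token handling that the renewal behaviour in the last reply implies (keep whichever refresh token the latest response returned). The function names, the token dictionary layout and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlparse

def check_scopes(scope: str) -> list[str]:
    """Return problems found in a space-separated OAuth2 scope string."""
    problems = []
    scopes = scope.split()
    if "offline_access" not in scopes:
        problems.append("offline_access missing: no refresh token will be issued")
    # Resource scopes are written as URLs; short scopes such as openid have no host.
    hosts = {urlparse(s).netloc for s in scopes if s.startswith("https://")}
    if not hosts:
        problems.append("no mail resource scope requested")
    if len(hosts) > 1:
        problems.append("scopes span several resources: " + ", ".join(sorted(hosts)))
    if "graph.microsoft.com" in hosts:
        problems.append("Graph-form scope: the thread reports no token is issued for it")
    return problems

def needs_refresh(token: dict, now: float, skew: int = 300) -> bool:
    """True when the access token is expired or within `skew` seconds of expiry."""
    return now >= token["expires_at"] - skew

def apply_refresh_response(token: dict, response: dict, now: float) -> dict:
    """Merge a token-endpoint response into the stored token."""
    if "error" in response:
        # e.g. invalid_grant: the refresh token is no longer valid, so the
        # mailbox has to be authorized again by an administrator.
        raise RuntimeError("re-authorization required: " + response["error"])
    return {
        "access_token": response["access_token"],
        # Store the new refresh token when one is returned; keep the old one otherwise.
        "refresh_token": response.get("refresh_token", token["refresh_token"]),
        "expires_at": now + int(response["expires_in"]),
    }

if __name__ == "__main__":
    # Constructed sample values, not real tokens.
    print(check_scopes("offline_access https://outlook.office.com/Mail.ReadWrite"))
    print(check_scopes("https://graph.microsoft.com/Mail.ReadWrite"))
    stored = {"access_token": "at-1", "refresh_token": "rt-1", "expires_at": 1000}
    if needs_refresh(stored, now=900):
        reply = {"access_token": "at-2", "refresh_token": "rt-2", "expires_in": 3600}
        print(apply_refresh_response(stored, reply, now=900))
```

Running the scope check before saving the mailbox configuration, and logging the error raised by `apply_refresh_response`, makes a stuck fetch traceable to either a scope problem or a lapsed refresh token.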