KevinTheJedi Honestly this sounds like although this was a headache for the dev team, the capabilities for email will be much greater moving forward after this huge change. Like I said previously, thank you for your in depth info into this project and all of your work on this. You guys are a prime example of the open source community and represent all of us well. Thank you.
Basic Authentication Retirement for legacy protocols in Exchange Online
17 days later
Is there an ETA for anything related to this issue? Has anyone running this on Gmail found a solution after 5/31/22?
We have a hard deadline of 10/1/22 and we need to find a solution soon or move out of osTicket.
Would love to stay, but I don't see anything in the new releases addressing this. Please tell me I'm wrong!
Thank you
Everyone,
We now have some pulls made:
We will be doing final review, testing, and hopefully gathering your feedback in the coming days. Super close to an RC and not long after a stable release!
Cheers.
12 days later
Hi guys. I am sure your working hard - do you have any news?
Thanks,
This coming week. Had issues and people were not available last week so wasn’t released.
If anyone wants further updates please follow the GitHub repo and you’ll be notified upon a release.
Cheers.
Not a long term fix, but I am forwarding my mailbox that needs collection from osticket to a £1/month mailbox from fasthosts - then I can pop3 collect all I want - works great :-)
alexbuckland but you lose the ability to reply to tickets within Osticket isn't it?
Nope, SMTP basic auth is not being depreciated. Or not on my tenant at least.
It will eventually be phased out by most if not all major providers but that deadline is way farther away than IMAP/POP3.
Cheers.
Hello Everyone,
We now have the v1.17-rc1 available for download on our website! Please download, install in a test environment, and test away! If you experience any issues please open a new Issue Report detailing the issue.
A big thank you to everyone for their patience and support!
Cheers.
KevinTheJedi thank you to the whole team for all of the hard work involved!
I would like to mention that we need help testing email authorization for MS accounts specifically. We’ve tested email authorization for Gmail (IMAP/SMTP) as well as OAuth2 agent/user authentication for Google and MS. We also need help testing POP for both Gmail and MS.
Cheers.
I manage to upgrade my production environment from 1.16.3 to 1.17 RC1 without any hiccups. Manage to activate the OAuth2 plugin and here's where I cannot proceed further. I'm on Office365/AzureAD.
In Manage -> Plugins -> Oauth2 Client, there's an Instance tab. Do I need to manually create a new Instance? Some fields were populated automatically and I'm not sure what should I modify.
Then in Emails -> Email Addresses (select primary) -> Remote Mailbox, there's another "Config" tab next to "Authentication" after I selected "OAuth2 - Microsoft". The fields here are similar to the ones in Plugins.
Do you have a guide on how to get OAuth2 working? I have completed App registration in Azure AD, however Osticket does not show specific error message other than "Configure Authentication".
You need to go to osTicket, click Config next to Authentication in the email, copy your Redirect URI, go to Azure, register an app, paste your Redirect URI, create a client secret, copy the client id and client secret, go to osTicket, paste your client ID, paste your client secret, and Save Changes. This will then redirect you to Azure to authenticate and accept the scopes.
Cheers.
- Edited
KevinTheJedi
Hi Kevin,
I am facing the same issue.
I've configure the OAuth2-Microsoft and it is save successfully.
But when I enabling the email fetching option and try to save the setting it'll show me the Configure Authentication error.
Please find the screen shot.
first Screen Shot - I've configure the OAuth2-Microsoft.
Second Screen shot - My OAuth Config parameters.
Third Screen shot - I'm trying to enable the Email Fetching but getting the Configure Authentication Error.
- Edited
Okay so don’t use the /common/ urls for Authorization and Token Endpoints. Instead go to the Enterprise Applications in Azure, click Endpoints at the top, and use the v2.0 Authorization and Token URLs with /tenant-id/oauth2/v2.0/ instead of /common/oauth2/v2.0/. Then for Resource Details Endpoint instead of /api/v1.0/me use /api/v2.0/me. And lastly for scopes replace profile,email with https://graph.microsoft.com/.default.
If that doesn’t work then you might need the new build of the plugin and the new patches coming on Monday with RC2. Stay tuned!
Cheers.
Tried, but not working.
On the Endpoints list at azure i dont get OAuth 2.0 authorization endpoint (v2) with the tenant-id mine says: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
But i tried with the tenant-id and it didn't work either.
- Edited
KevinTheJedi
I've tried what suggested, using right endpoints with my tenant_id, all go well 'till the modern authentication, that ask for user, password and scope accept, but unfortunately the response from auth is invalid_client.
As already suggested, there is maybe a problem on how the scope is handled during authentication process, even with
"https://graph.microsoft.com/.default" setted up the scope passed is "offline_access https://outlook.office.com/IMAP.AccessAsUser.All" as per screenshot below
@edgarnadal
As KevinTheJedi suggested, you will find the right urls with your tenentid inside your azure registration portal, in the "Endpoints" link, as seen in the image below
I apologize, we were testing a bunch of scope options and I suggested the wrong one. For the scopes use offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send - this will cover all that we need for access tokens for IMAP/POP and SMTP. You may need the new build of the Plugin and RC2 which should be released today. So if using that information and those scopes still cause issues then you'll need to wait for RC2.
I will say that I'm running into an issue with my Personal Outlook account. I get the error MailboxNotEnabledForRESTAPI - The mailbox is either inactive, soft-deleted, or is hosted on-premise. after singing in and consenting to scopes. I reached out to microsoft support and they told me this issue is on their end and that "they are working hard to resolve the issue". 
Cheers.