Microsoft Oauth keys not working anymore

[bekre10]

Since a few weeks, the Microsoft365 Oauth keys are not working anymore. I created new ones but no luck. I found that Microsoft no longer supports older Oauth methods. So is Freescout compatible with 2.0 Oauth?
I guess the answer is no.
We had to re-route all support emails from M365 to a Google account in order to be able to receive them in Freescout again.

[freescout-helpdesk]

https://github.com/freescout-helpdesk/freescout/wiki/Connect-FreeScout-to-Microsoft-365-Exchange-via-oAuth

[bekre10]

Thx. I knew this site, I know the settings. It doesn't work anymore (used to work before). Therefore my question. Is Oauth 2 supported? Or only older versions?

[avenjamin]

We're currently using oauth with MS 365 as per the linked article and don't have any issues.

However I have had to re issue the secret keys twice before but not sure if that was my fault.

What error messages do you get?

[bekre10]

Thanks. I do get the "Connected, but no IMAP folders found" error. It was working fine and suddenly stopped working for two different tenants. So that was with a change from Microsoft. Re-issued the keys and adjusted permissions according to the link from freescout-helpdesk but never got it working again. I do connect with the correct mailbox account, tried with different browser, and different internet connections. Cleared cache, restarted the FreeScout server. But always the same error.
Connection to the Mailbox works fine, we use Microsoft365 Basic license for it.
Do you use a license for Azure AD? Did Microsoft change anything and this could require a license now? We don't use AD license.

[bekre10]

@freescout-helpdesk Could you please change this topic from "closed" to open? Because it's really not yet solved.

[avenjamin]

@bekre10
Our freescout user in 365 only has an Exchange Online plan.
We do have an "Azure AD Premium P1" license.

The App only has the permissions as seen in the attached - (The above linked wiki article has changed since we implemented our account)

[bekre10]

Thanks @avenjamin I have added Azure AD Premium P1 licenses but no difference. Still not working. Pulling my hair out.

[avenjamin]

@bekre10 have you tried deleting the mailbox and re-creating it?

[bekre10]

@avenjamin Yes, deleted multiple times in Freescout. Also created new email account in M365, assigned EOP1 and Azure AD P1 license. Now I just created a new key under "Certificates & secrets", then opened a web browser logged in to our Freescout account. Created a new mailbox, added the usual info including Client ID and Value ID, and connected. Had to authenticate with the email account which is of course the same as I am trying to connect in Freescout, and then it shows the account is Active in Freescout. Clicked on "Get folders" and back to the usual error. I am still logged in to our helpdesk@... M365 account in the same browser, which I can access just fine.

[freescout-helpdesk]

Try to debug the connection following these instructions: https://github.com/freescout-helpdesk/freescout/wiki/Connect-FreeScout-to-Microsoft-365-Exchange-via-oAuth#debugging-oauth-emails-fetching

Also try to contact MS365 support providing them with the info you'll obtain from the debugging.

[bekre10]

@freescout-helpdesk I have been discussing this with Microsoft for a month now. Also, the debugging doesn't show any errors.
Log files in the console show as below but only sometimes.

Error: imap_open(): Couldn't open stream {outlook.office365.com:993/imap/ssl}. Retrying PLAIN authentication after AUTHENTICATE failed.; Retrying PLAIN authentication after AUTHENTICATE failed.; Can not authenticate to IMAP server: AUTHENTICATE failed.; File: /var/www/html/overrides/webklex/laravel-imap/src/IMAP/Client.php (230)

[freescout-helpdesk]

Some people had issues with connecting to MS365 mailboxes #2264 (comment) due to problems on MS365 side, but those issues were resolved by MS365 after some time. So maybe something simply got broken in your specific MS365 account.

[bekre10]

@freescout-helpdesk I doubt it but can't entirely rule it out. The issue started at the same time on 2 different M365 tenants, one belonging to us and one from our customer. Both addresses (each with their own domain) can't be added anymore to Freescout via API.
I have tried so many times now to get it back working with no success. Just got an email now from MS, they want me to schedule a remote session with them. I will update here with the results.

[bekre10]

@freescout-helpdesk After today's update to 1.8.54, I can connect again to M365 mailboxes via Oauth.
So apparently, it was an issue on Freescount's end rather than Microsoft's. Glad it has been fixed and hope that issue won't come back with one of the next updates :) @avenjamin
Thanks a lot.

[minghuiyu]

I am on1.8.52 and O365 email fetching works (well, 99% of the time; a few fetching failures in the past week).

Freescout's log shows errors are because of https://github.com/freescout-helpdesk/freescout/blob/dist/vendor/webklex/php-imap/src/Client.php#L391 or https://github.com/freescout-helpdesk/freescout/blob/dist/vendor/webklex/php-imap/src/Connection/Protocols/ImapProtocol.php#L82, both appear to be connection issues on the authentication part.

I cannot find errors on Azure AD either. Plan to send a ticket to MS. I changed fetching from every 1 minute to every 5 minutes, and will see if that helps. @freescout-helpdesk is it possible to add every 2 or 3 minutes options to the drop down list? Should be a fairly straightforward change. Thanks.

[freescout-helpdesk]

There was no updates in the fetching algorithm made. Probably you had a bit broken installation and updating fixed it.