[FOUR-31263] Use .us Microsoft endpoints for Office365 OAuth

ProcessMaker/Managers/OauthMailManager.php

@@ -9,6 +9,7 @@
 use Illuminate\Mail\MailManager;
 use ProcessMaker\Models\EnvironmentVariable;
 use ProcessMaker\Packages\Connectors\Email\EmailConfig;
+use ProcessMaker\Models\Setting;
 
 class OauthMailManager extends MailManager
 {
@@ -127,13 +128,25 @@ private function refreshAccessToken()
     {
         try {
             $index = $this->emailServerIndex ? "_{$this->emailServerIndex}" : '';
+            //Get Mail Host
+            $key = "EMAIL_CONNECTOR_MAIL_HOST{$index}";
+            $settingEmailConnectorMailHost = Setting::byKey($key)?->config ?? null;
+
+            $baseUrlMicrosoft = 'https://login.microsoftonline.com/';
+            $permissions = 'https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access';
+            // Change the Microsoft Base Url and scopes according to the environment if the mail host ends with .us, which is the case for Microsoft 365 US Government.
+            if ($settingEmailConnectorMailHost && is_string($settingEmailConnectorMailHost) && str_ends_with($settingEmailConnectorMailHost, '.us')) {
+                $baseUrlMicrosoft = 'https://login.microsoftonline.us/';
+                $permissions = 'https://outlook.office365.us/IMAP.AccessAsUser.All https://outlook.office365.us/POP.AccessAsUser.All https://outlook.office365.us/SMTP.Send offline_access';
+            }
+
             $guzzle = new Client();
-            $url = 'https://login.microsoftonline.com/' . $this->token->tenant_id . '/oauth2/v2.0/token';
+            $url = $baseUrlMicrosoft . $this->token->tenant_id . '/oauth2/v2.0/token';
             $newToken = json_decode($guzzle->post($url, [
                 'form_params' => [
                     'client_id' =>  $this->token->client_id,
                     'client_secret' => $this->token->client_secret,
-                    'scope' => 'https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access',
+                    'scope' => $permissions,
                     'refresh_token' => $this->token->refresh_token,
                     'grant_type' => 'refresh_token',
                 ],