Best way to authenticate a user in outlook office add-in using a magic link

0
votes

Creating an outlook add-in for calendar and it will appear when user opens appointment window. In order to authenticate user, we are using magic link.Following is the current flow :

  1. First time user clicks in add-in window ,clicks a button and gets a magic link in email.
  2. User clicks on magic link, IE browser is launched and user gets a token.
  3. User copies this token and paste in outlook-addin, clicks authenticate and it all goes through.

Problem with this approach is horrible user experience as user has to click multiple times and it might require some training to get users used to this part. Best would have been, clicking magic link Add-in would have got auto-launched and read token in email which I don't think is possible.

We even thought of reading email body with a add-in and extract token using regular expression. This seems to have issues such as performance and particularly adding a new add-in for email view or configuring the existing add-in for email as well as calendar.

Is there any better way to provide seamless user experience without changing the magic link?

1
outlook-addinoffice-jsoffice-addins

1 Answers

1
votes

I'm a little confused as to whether the token is already in the email body or can only be retrieved after clicking on the magic link. It is possible to read and parse the email messages for the token from the calendar add-in using REST API's (https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_list_messages), but I wouldn't recommend that route as it's a bit convoluted. Otherwise, I can't think of a better solution than the ones you've suggested. If magic link is not a hard requirement, I would definitely go with one of these other authentication options.