2
votes

I'm following office-js-helpers to enable SSO login, and then use the access token to call Graph API.

But authentication opens the login window in a new tab, even though I have added the following in manifest.xml:

<AppDomain>https://login.windows.net</AppDomain>
<AppDomain>https://login.microsoftonline.com</AppDomain>

Current result: [screenshot]

Edit:
For SSO login, should it be redirected in the Outlook add-in instead of opening a new web browser window?

Here is the demo project OutlookOneDriveGraphAddIn.

I want to enable the Graph API in my Outlook web add-in. The Graph API needs a login process, and I want to be able to request an access token in my web add-in.

If there is anything unclear, please let me know.

2
There isn't a question here - or reproducible code. - Mavi Domates
We can help you better if you can explain what you are trying to achieve and what issue you are facing. Also, please add some code with which we can reproduce the issue, whenever possible. - Outlook Add-ins Team - MSFT
@MaviDomates Please check the update. - Edward
@OutlookAdd-insTeam-MSFT Please check the update. I want to achieve "Create an ASP.NET Office Add-in that uses single sign-on (preview)". - Edward
For authentication flows, we recommend using the Office.js Dialog API. The section of the documentation I linked to describes how to use the API to implement an authentication flow. - Outlook Add-ins Team - MSFT

2 Answers

3
votes

There are 2 questions here.

Question #1: For SSO login, should it be redirected in the Outlook add-in instead of opening a new web browser window?

It should not be redirected in the Office add-in, for the very simple reason that this is against OAuth. With OAuth authentication, you'll have to show the user the URL - otherwise you can spoof a UI which looks similar to the Microsoft login in your add-in and steal people's credentials. Obviously this is not secure. So instead, when you call getAccessTokenAsync, it should pop up a dialog if the user is not signed in. Signing in is handled by Microsoft, after which the token becomes available through the same method, getAccessTokenAsync.

Question #2: How do I get the access token from my add-in?

Refer to the documentation here: https://docs.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins#add-client-side-code

Office.context.auth.getAccessTokenAsync(function (result) {
    if (result.status === "succeeded") {
        // Use this token to call Web API
        var ssoToken = result.value;
        // ...
    } else {
        if (result.error.code === 13003) {
            // SSO is not supported for domain user accounts, only
            // work or school (Office 365) or Microsoft Account IDs.
        } else {
            // Handle error
        }
    }
});
0
votes

Hey, I have gone through the same problem. I was also working on an Outlook add-in which needed an access token to request resources from the Graph API. After long hours of searching, I found the best method possible and completed the implementation of my add-in.

Try the steps in Access token without user. The way I did it was using a Node.js middleware for authentication, and it's working. Now I can access most of the Graph API resources using this. Hope this helps.

Please note that using this method you should be enabling Application Permissions, not delegated.
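
To check which permission model a token obtained by such a middleware actually carries, the following added example (not part of the original answer) decodes the token's claims in Node.js: tokens from the client credentials flow list application permissions in `roles`, while delegated tokens list scopes in `scp`. The function names and sample tokens are constructed for illustration, and the decode is for inspection only; it does not verify the signature.

```javascript
// Added example: inspect an access token's claims to see whether it carries
// application permissions (`roles`) or delegated scopes (`scp`).
// Inspection only: the signature is NOT verified here.

function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  // base64url -> base64 before decoding
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function classifyGraphToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const scopes =
    typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  let kind = "unknown";
  if (scopes.length > 0) kind = "delegated";        // issued in a user context
  else if (roles.length > 0) kind = "application";  // app-only, no user
  return {
    kind,
    permissions: kind === "delegated" ? scopes : roles,
    audience: claims.aud,
    expired: typeof claims.exp !== "number" || claims.exp <= nowSeconds,
  };
}

// Constructed sample tokens (placeholder signature, hypothetical claim values).
function makeSampleToken(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.placeholder`;
}

const NOW = 1700000000; // fixed clock so the demo is deterministic
const appOnlySample = makeSampleToken({
  aud: "https://graph.microsoft.com",
  roles: ["Mail.Read", "Files.Read.All"],
  exp: NOW + 3600,
});
const delegatedSample = makeSampleToken({
  aud: "https://graph.microsoft.com",
  scp: "Mail.Read User.Read",
  exp: NOW + 3600,
});

console.log(classifyGraphToken(appOnlySample, NOW));
console.log(classifyGraphToken(delegatedSample, NOW));
```
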