pandemic

Reputation: 1195

Office JS getAccessTokenAsync sending wrong auth url

Using the getAccessTokenAsync method of the OfficeJS API, I am trying to get the access token. However, after investigating with developer tools -> network, I get the request which is being fired in the callback of getAccessTokenAsync. When I compare it with a working URL which was constructed manually, I see that some parameters are completely different. For example, the ID bc59ab01-8403-45c6-8796-ac3ef710b3e3 in the first URL is wrong and should be bc59ab01-8403-45c6-8796-ac3ef710b3e3 (this ID is registered in Azure AD and in the manifest as well). Why is it generating a URL with an ID which is nowhere in my project, and in general, why is it not working?

Request generated by getAccessTokenAsync (not working)

https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=bc59ab01-8403-45c6-8796-ac3ef710b3e3&resource=api%3A%2F%2Flocalhost%3A3000%2Fc64ded7d-29e6-4083-8afa-351c7a630668&redirect_uri=https%3A%2F%2Foutlook.office.com%2Fowa%2FextSSO.aspx&state=5e7fc82d-190f-4817-8159-25caf2b58687%7Capi%3A%2F%2Flocalhost%3A3000%2Fc64ded7d-29e6-4083-8afa-351c7a630668&client-request-id=32957e85-9ebe-44b9-b8b2-d67ec469f19e&x-client-SKU=Js&x-client-Ver=1.0.15&prompt=none&login_hint=<myEmail>&domain_hint=<domain>

Request constructed manually (working)

https://login.microsoftonline.com/<nameOfCompany>.onmicrosoft.com/oauth2/v2.0/authorize?client_id=c64ded7d-29e6-4083-8afa-351c7a630668&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&scope=https://graph.microsoft.com/user.read%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read&response_mode=fragment&state=12345&nonce=678910

WebApplicationInfo element in manifest.xml

<WebApplicationInfo>
    <Id>c64ded7d-29e6-4083-8afa-351c7a630668</Id>
    <Resource>api://localhost:3000/c64ded7d-29e6-4083-8afa-351c7a630668</Resource>
    <Scopes>
        <Scope>files.read.all</Scope>
        <Scope>profile</Scope>
    </Scopes>
</WebApplicationInfo>

Upvotes: 0

Views: 257

Answers (1)

Rick Kirkham

Reputation: 9784

This is a bit too complex to put in a comment, so I'll make an answer for now.

  1. Please clarify what you mean by "not working". What error is being returned by getAccessTokenAsync?

  2. It looks to me like your manual request is getting an access token to MS Graph for the add-in (c64ded7d-29e6-4083-8afa-351c7a630668). This is not parallel to what getAccessTokenAsync does. getAccessTokenAsync gets an access token that gives the Office host access to your add-in. The Office Online client ID is bc59ab01-8403-45c6-8796-ac3ef710b3e3, so it is expected that that is the client ID that Office would use in its request. (Search for that GUID in the article Create SSO Office Add-ins.) Also, notice that c64ded7d-29e6-4083-8afa-351c7a630668 is in the value for the "resource" of that request, which is expected because your add-in is the resource to which the Office host needs access.

  3. To get access to Graph, you need server-side code that swaps the token that you get from getAccessTokenAsync for an access token that gives your add-in access to MS Graph by using the "on behalf of" flow. In that transaction, your add-in is the client and Graph is the resource. For more information, see the article SSO in Office Add-ins.

Upvotes: 1
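The exchange described in points 2 and 3 of the answer, as an added example that is not part of the original thread or of Microsoft's sample code: it checks that the bootstrap token names the add-in as audience and Office as client, then builds (without sending) the on-behalf-of token request. The tenant name, client secret and unsigned sample token are constructed placeholders, and the `aud`, `appid` and `azp` claim names are assumed to be the ones Azure AD issues.

```javascript
// Added example. IDs come from the question; tenant, secret and sample token are constructed.
const ADDIN_ID = "c64ded7d-29e6-4083-8afa-351c7a630668";          // <Id> in the question's manifest
const ADDIN_RESOURCE = "api://localhost:3000/" + ADDIN_ID;        // <Resource> in the manifest
const OFFICE_CLIENT_ID = "bc59ab01-8403-45c6-8796-ac3ef710b3e3";  // Office Online client ID (from the answer)

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Decodes the claims only. A real server must first verify the signature,
// issuer and expiry with a JWT library before trusting any claim.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// The bootstrap token must name the add-in as audience; its client is Office.
function checkBootstrapToken(jwt) {
  const c = decodeClaims(jwt);
  const client = c.azp || c.appid; // claim name depends on the token version
  if (c.aud !== ADDIN_ID && c.aud !== ADDIN_RESOURCE) throw new Error("token audience is not this add-in");
  return { audience: c.aud, client, issuedToOffice: client === OFFICE_CLIENT_ID };
}

// Builds (but does not send) the OBO token request: add-in = client, Graph = resource.
function buildOboRequest(jwt, { tenant, clientSecret, scopes }) {
  checkBootstrapToken(jwt);
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: ADDIN_ID,
    client_secret: clientSecret,
    assertion: jwt,
    requested_token_use: "on_behalf_of",
    scope: scopes.join(" "),
  });
  return { url: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`, body: body.toString() };
}

// Constructed sample token (unsigned, for illustration only).
const sampleToken = [b64url({ alg: "none" }), b64url({ aud: ADDIN_RESOURCE, appid: OFFICE_CLIENT_ID }), "sig"].join(".");
const req = buildOboRequest(sampleToken, {
  tenant: "contoso.onmicrosoft.com", clientSecret: "PLACEHOLDER_SECRET",
  scopes: ["https://graph.microsoft.com/user.read"],
});
console.log(checkBootstrapToken(sampleToken), req.url);
```

The request body is meant to be POSTed from the server as `application/x-www-form-urlencoded`; the client secret never reaches the add-in's browser code.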
