outlook addin single sign on failures

Question

just create some small outlook addin for office365 and tried to enable single sign on via MS account. Deployed it to some simple 3rd party server with manifest by path: https://domain1.domain2.com/subfolder. In manifest defined WebApplicationInfo there put info for SSO as described in docs:

<Id>AppId</Id>
<Resource>api://domain1.domain2.com/appId</Resource>

but everytime I got OfficeRuntime.auth.getAccessToken: {"name":"Invalid application resource Url provided.","message":"Invalid resource Url specified in the manifest.","code":13004}

Looks like something is wrong with Resource but I have no idea that exactly is wrong there.

Thanks.

Answer 1

Make sure the URI corresponds to the Resources section of your add-in's manifest file. The subfolder can be missed in the path.

The Resource element contains the same URI (including the api: protocol) that you used when registering the add-in with the Microsoft identity platform. The domain part of this URI must match the domain, including any subdomains, used in the URLs in the <Resources> section of the add-in's manifest and the URI must end with the client ID specified in the <Id> element.

See Enable single sign-on (SSO) in an Office Add-in for more information.