getAccessToken


OfficeRuntime.auth.getAccessToken

The "OfficeRuntime.auth" interface is equivalent to "Office.auth".
The "OfficeRuntime.auth" interface is not being updated.
The "OfficeRuntime.auth" interface has been replaced with Office.auth.


Office.auth.getAccessToken

This implementation is part of the Identity API 1.3 requirement set.
Released in August 2020.
This implementation uses Promises, not callbacks.
This provides a method, getAccessToken that enables the Office application to obtain an identity token of who is currently signed in to Office.
You need to add the WebApplicationInfo to your manifest.
This token can then be used to request a MS Graph access token using the On Behalf Of OAuth flow, without asking the user to sign in a second time.
The MS Graph access token also contains a Refresh token.
This method calls the Azure Active Directory V 2.0 endpoint.

OfficeRuntime.auth.getAccessToken(options?: OfficeRuntime.AuthOptions) : (result: AsyncResult<string>) => void): void; 
isSetSupported('IdentityAPI', '1.3')

allowConsentPrompt (boolean, default: False)
False - Office will silently try to get the identity token. If it fails to do so, a descriptive error is returned.
True - Office will silently try to get the identity token. If it fails to do so, an interactive consent UI (only for the AAD "profile" scope) is displayed.
Useful if the add-in's Azure permissions have changed or if the user's consent has been revoked.


allowSignInPrompt (boolean, default: False)
False - Office will silently try to get the identity token, assuming that consent has already been given. If it fails to do so, a descriptive error is returned.
True - Office will silently try to get the identity token, assuming that consent has already been given. If it fails to do so, an interactive sign-in UI is displayed.


forMSGraphAccess (default: False)
False - Office will silently check if the user has access to the MS Graph scopes. If they do not have access, Office will return a descriptive error.
True - Office will inform your add-in beforehand (by returning a descriptive error) if Graph access will fail.
Office only supports consent to Graph scopes when the add-in has been deployed by a tenant admin / centralised deployment (these add-ins appear on the Admin Managed tab of the Office Add-ins dialog box).
This information will not be available during development.


asyncContext (any)
A user-defined item of any type that is returned, unchanged, in the asyncContext property of the AsyncResult object that is passed to a callback.


authChallenge (string)
Office will prompt the user to provide the additional factor when the tenancy being targeted by Microsoft Graph requires multifactor authentication.
The string value identifies the type of additional factor that is required. In most cases, you won't know at development time whether the user's tenant requires an additional factor or what the string should be.
So this option would be used in a "second try" call of getAccessToken after Microsoft Graph has sent an error requesting the additional factor and containing the string that should be used with the authChallenge option.


forceConsent (boolean, default: False)
This has been replaced with allowConsentPrompt.


forceAddAccount (boolean, default: False)
This has been replaced with allowSignInPrompt.


Outlook Add-ins

In Outlook, this API is not supported if the add-in is loaded in an Outlook.com or Gmail mailbox.
If you develop an Outlook add-in that uses SSO and you sideload it for testing, Office will always return error 13012 when forMSGraphAccess is passed to getAccessToken even if administrator consent has been granted.
For this reason, you should comment out the forMSGraphAccess option when developing an Outlook add-in.
Be sure to uncomment the option when you deploy for production.
The bogus 13012 only happens when you are sideloading in Outlook.


Office.context.auth.getAccessTokenAsync

This implementation was part of the Identity API 1.1 requirement set.
Released in May 2017 (at the Build conference) but never made it out of preview.
This implementation used Callbacks.
This is no longer being updated or supported.
The latest is Identity API 1.3, there is no documentation on version 1.2.

Office.context.auth.getAccessTokenAsync 
isSetSupported('IdentityAPI', '1.1')

© 2023 Better Solutions Limited. All Rights Reserved. © 2023 Better Solutions Limited TopPrevNext