getAccessToken


OfficeRuntime.auth.getAccessToken

The "OfficeRuntime.auth" interface is equivalent to "Office.auth".
The "OfficeRuntime.auth" interface is not being updated.
The "OfficeRuntime.auth" interface has been replaced witj Office.auth


Office.auth.getAccessToken

This provides a method, getAccessToken that enables the Office application to obtain a profile token of who is currently signed in to Office.
You need to add the WebApplicationInfo to your manifest.
This token can then be used to request a MS Graph access token using the On Behalf Of OAuth flow, without asking the user to sign in a second time.
The MS Graph access token also contains a Refresh token.
This method calls the Azure Active Directory V 2.0 endpoint.

OfficeRuntime.auth.getAccessToken(options?: AuthOptions) : (result: AsyncResult<string>) => void): void; 

allowConsentPrompt (default: false) - Allows Office to get an access token silently or through interactive consent, if one is required. If set to false, Office will silently try to get an access token. If it fails to do so, Office will return a descriptive error. If set to true, Office will show an interactive consent UI after it fails to silently get an access token. The prompt will only allow consent to the AAD "profile" scope, not to any Microsoft Graph scopes.
allowSignInPrompt (default: false) - Allows Office to get an access token silently provided consent is present or show interactive UI to sign in the user. If set to false, Office will silently try to get an access token. If it fails to do so, Office will return a descriptive error. If set to true, Office will show an interactive sign-in UI after it fails to silently get an access token.
forMSGraphAccess (default: false) - Allows you to quick check if the user has access to MS Graph. Causes Office to return a descriptive error when the add-in wants to access Microsoft Graph and the user/admin has not granted consent to Graph scopes. Office only supports consent to Graph scopes when the add-in has been deployed by a tenant admin / centralised deployment (these add-ins appear on the Admin Managed tab of the Office Add-ins dialog box). This information will not be available during development. Setting this option to true will cause Office to inform your add-in beforehand (by returning a descriptive error) if Graph access will fail.
forceAddAccount (default: false) - Prompts the user to add their Office account (or to switch to it, if it is already added).
forceConsent (default: false) - Causes Office to display the add-in consent experience. Useful if the add-in's Azure permissions have changed or if the user's consent has been revoked.
authChallenge - Office will prompt the user to provide the additional factor when the tenancy being targeted by Microsoft Graph requires multifactor authentication. The string value identifies the type of additional factor that is required. In most cases, you won't know at development time whether the user's tenant requires an additional factor or what the string should be. So this option would be used in a "second try" call of getAccessToken after Microsoft Graph has sent an error requesting the additional factor and containing the string that should be used with the authChallenge option.
asyncContext - A user-defined item of any type that is returned, unchanged, in the asyncContext property of the AsyncResult object that is passed to a callback.


Outlook Add-ins

In Outlook, this API is not supported if the add-in is loaded in an Outlook.com or Gmail mailbox.
If you develop an Outlook add-in that uses SSO and you sideload it for testing, Office will always return error 13012 when forMSGraphAccess is passed to getAccessToken even if administrator consent has been granted.
For this reason, you should comment out the forMSGraphAccess option when developing an Outlook add-in.
Be sure to uncomment the option when you deploy for production.
The bogus 13012 only happens when you are sideloading in Outlook.


Office.context.auth.getAccessTokenAsync

This implementation was part of Identity API 1.1 and used Callbacks.
First Released in May 2017 (at the Build conference) but never made it out of preview.
This implementation used Callbacks.
This is not being updated and is no longer supported.
The latest is Identity API 1.3, there is no documentation on version 1.2.

Office.context.auth.getAccessTokenAsync 
isSetSupported('IdentityAPI', '1.1')

© 2022 Better Solutions Limited. All Rights Reserved. © 2022 Better Solutions Limited TopPrevNext