Single Sign On


link - docs.microsoft.com/en-us/office/dev/add-ins/quickstarts/sso-quickstart
link - docs.microsoft.com/en-us/office/dev/add-ins/quickstarts/sso-quickstart-customize
link - docs.microsoft.com/en-us/office/dev/add-ins/develop/auth-with-office-dialog-api
link - docs.microsoft.com/en-us/office/dev/add-ins/develop/create-sso-office-add-ins-nodejs
link - docs.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins
link - aka.ms/officeaddinsso



iFrame

When you are running Office on the web and using a task pane, this task pane uses an iFrame.
A lot of the Identity Authorities (or Secure Token Services STS) do not allow there login page to open in an iFrame.
These include Google, Facebook including Microsoft Identity Platform (msal).
The Office Dialog API, specifically the displayDialogAsync method was created to get around this problem.
The displayDialogAsync method can be launched from a task pane and opens an entirely separate browser instance which allows the login pages to run.


Passing Access Token

The dialog window can send the access token to the task pane using messageParent.

Office.context.ui.messageParent 

Silent vs Interactive

There are two ways you can acquire a token

MSAL.acquireTokenSilent 
MSAL.acquireTokenInteractive



authConfig.js

const c_msalConfig = { 
   auth: {
      clientId:
      authority:
      redirectUri: "http://localhost:3000"
      postLogoutRedirectUri: "http://localhost:3000" // only for redirect, not popup
   },
   cache: {
      cacheLocation: "sessionStorage", // where the cache will be stored
      storeAuthStateInCookie: false
   }
};

// id tokens for MS Identity Platform endpoints
const c_loginRequest = {
   scopes: [""]
};

// access tokens for MS Graph API endpoints
const c_tokenRequest = {
   scopes: [""],
   forceRefresh: true
};


authPopup.js

const myMSALObj = new msal.PublicClientApplication(c_msalConfig) 

function f_signIn() {
   myMSALObj.loginPopup(c_loginRequest)
      .then(response => {

         console.log('id_token acquired at: ' new Date().toString());

         if (myMSALObj.getAccount()) {
            showWelcomeMessage(myMSALObj.getAccount());
         }

      }).catch(error => {
         console.error(error);
      });
}

function f_signOut() {
   myMSALObj.logout();
}

function f_seeProfile() {
   if (myMSALObj.getAccount()) {

      f_getTokenPopup(c_loginRequest)
         .then(response => {

            callMSGraph(graphConfig.graphMeEndpoint, response.accessToken, updateUI);

            profileButton.classList.add('d-none');

            mailButton.classList.remove('d-none');

         }).catch(error => {
            console.error(error);
         });
   }
}

function f_readMail() {
   if (myMSALObj.getAccount()) {
  
      f_getTokenPopup(c_tokenRequest)
         .then(response => {

            callMSGraph(graphConfig.graphMeEndpoint, response.accessToken, updateUI);

         }).catch(error => {
            console.error(error);
         });
   }
}

function f_getTokenPopup(request) {
   return myMSALObj.acquireTokenSilent(request)
      .catch(error => {
         console.warn(error);

         console.warn("silent token acquisition fails, acquiring token using popup");
         return myMSALObj.acquireTokenPopup(request)
            .then(response => {
               return response;
            }).catch(error => {
               console.error(error);
            });
      });
}



authRedirect.js

const myMSALObj = new msal.PublicClientApplication(c_msalConfig) 

let accessToken;

// Register callbacks for Redirect Flow
myMSALObj.handleRedirectCallback(f_authRedirectCallBack);

function f_authRedirectCallBack(error, response)
   if (error) {
      console.error(error);
   } else {
      if (myMSALObj.getAccount()) {
         console.log("id_token acquired at: " + new Date().toString());
  
         showWelcomeMessage(myMSALObj.getAccount());

         f_getTokenRedirect(c_loginRequest);

      } else if (response.tokenType === "Bearer") { {
         console.log("access_token acquired at: " + new Date().toString());
      } else {
         console.log("token type is: " + response.tokenType);
      }
   }
}

if (myMSALObj.getAccount()) {
   showWelcomeMessage(myMSALObj.getAccount());
}

function f_signIn() {
   myMSALObj.loginRedirect(loginRequest);
}

function f_signOut() {
   myMSALObj.logout();
}

function f_seeProfile() {
   f_getTokenRedirect(loginRequest);
}

function f_readMail() {
   f_getTokenRedirect(tokenRequest);
}

function f_getTokenRedirect(request)





© 2021 Better Solutions Limited. All Rights Reserved. © 2021 Better Solutions Limited TopPrevNext