Single Sign On

This allows your users to have authorized access to Microsoft 365 OneDrive and Microsoft Graph.
Also known as the Identity API or the SSO API.
Both these versions require the add-in to be registered on Azure Active Directory.
Both these versions require an additional manifest entry.
Both these versions use MSAL v1.0 - @msal
Both these versions use OAuth 2.0 Implicit Flow.

</Resources>
<WebApplicationInfo>
  <Id>{application GUID}</Id>
  <Resource>api://localhost:8080/{application GUID}</Resource>
  <Scopes>
    <!-- <Scope> entries are not shown in this excerpt -->
  </Scopes>
</WebApplicationInfo>

Identity API 1.3

First released in August 2020.
The first preview version was released in November 2019.
This implementation uses Promises.
This is supported for Word, Excel, Outlook, and PowerPoint.

OfficeRuntime.auth.getAccessToken 
Office.context.auth.getAccessToken
isSetSupported('IdentityAPI', '1.3')

This implementation is the one used by the Yeoman Generator when you select ""


Identity API 1.2 (unofficial)

There is no documentation on this.


Identity API 1.1 (preview only)

First released in May 2017 (at the Build conference) but never made it out of preview.
This implementation used Callbacks.
This is not being updated and is no longer supported.

Office.context.auth.getAccessTokenAsync 
isSetSupported('IdentityAPI', '1.1')

Microsoft Authentication Library

It is possible to call Azure and get an access token from outside the context of Office.
For more information, refer to this page.


iFrame

When you are running Office on the web and using a task pane, the task pane is hosted in an iFrame.
Many identity authorities (Security Token Services, STS) do not allow their login page to open in an iFrame.
These include Google, Facebook and the Microsoft Identity Platform (MSAL).
The Office Dialog API, specifically the displayDialogAsync method, was created to get around this problem.
The displayDialogAsync method can be launched from a task pane and opens an entirely separate browser instance, which allows the login pages to run.


Passing Access Token

The dialog window can send the access token to the task pane using messageParent.

Office.context.ui.messageParent 
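
The hand-off described above, as an added example that is not code from the original page: the dialog page serialises its result for messageParent, and the task pane checks the message before trusting the token. The function names, the JSON message shape and the stub-friendly `office` parameter are assumptions, as is serving the page that calls messageParent from the same origin as the dialog URL.

```javascript
// Added example (not from the original page). `office` stands for the global
// Office object; it is a parameter so the logic also runs against a stub.

// Dialog page: build the string passed to Office.context.ui.messageParent.
function buildDialogMessage(token, error) {
  return JSON.stringify(error ? { status: "error", error: String(error) }
                              : { status: "ok", token: token });
}

// Task pane: validate the argument of one DialogMessageReceived event.
function parseDialogMessage(arg, expectedOrigin) {
  // Assumption: hosts that report arg.origin give the sending page's origin;
  // where it is reported it must match the add-in's own dialog page.
  if (arg.origin !== undefined && arg.origin !== expectedOrigin) {
    return { ok: false, error: "unexpected origin" };
  }
  let msg;
  try { msg = JSON.parse(arg.message); } catch (e) { msg = null; }
  if (msg === null || typeof msg !== "object") {
    return { ok: false, error: "malformed message" };
  }
  if (msg.status !== "ok") {
    return { ok: false, error: String(msg.error || "login failed") };
  }
  if (typeof msg.token !== "string" || msg.token.length === 0) {
    return { ok: false, error: "token missing" };
  }
  return { ok: true, token: msg.token }; // keep in memory; do not log it
}

// Task pane: open the dialog, accept one message, close the dialog.
function loginWithDialog(office, dialogUrl, done) {
  const expectedOrigin = new URL(dialogUrl).origin;
  const ui = office.context.ui;
  ui.displayDialogAsync(dialogUrl, { height: 60, width: 30 }, (res) => {
    if (res.status !== office.AsyncResultStatus.Succeeded) {
      return done({ ok: false, error: "dialog failed to open" });
    }
    const dialog = res.value;
    dialog.addEventHandler(office.EventType.DialogMessageReceived, (arg) => {
      dialog.close();
      done(parseDialogMessage(arg, expectedOrigin));
    });
    dialog.addEventHandler(office.EventType.DialogEventReceived, (arg) => {
      done({ ok: false, error: "dialog event " + arg.error });
    });
  });
}
```

In the dialog page the result would be sent with Office.context.ui.messageParent(buildDialogMessage(token)); the API that finally receives the token remains responsible for validating it.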

Silent vs Interactive

There are two ways you can acquire a token:

MSAL.acquireTokenSilent 
MSAL.acquireTokenInteractive

Documentation

link - docs.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins
link - docs.microsoft.com/en-us/office/dev/add-ins/develop/auth-with-office-dialog-api
link - docs.microsoft.com/en-us/office/dev/store/add-in-submission-guide
link - developer.microsoft.com/en-us/microsoft-365/blogs/announcing-general-availability-of-single-sign-on-sso-for-office-add-ins
link - developer.okta.com/blog/2019/08/22/okta-authjs-pkce


© 2021 Better Solutions Limited. All Rights Reserved.