Context

I'm building an Office 365 add-in, to be run in Outlook on both desktop and web, and I'm at the stage where I want to try logging the user in and getting an access token. However, I'm running into trouble getting the login to work.

The Troubles

I have registered the application in Entra, and I have an App ID for it. I filled out my WebApplicationInfo element in the manifest, and that's where the problems start.

Rejected sideloading

If I use the app URL Entra gives me, and get something like this

<WebApplicationInfo>
  <Id>foo</Id>
  <Resource>api://foo</Resource>
  <Scopes>
    <Scope>User.Read</Scope>
    <Scope>Mail.Read</Scope>
    <Scope>offline_access</Scope>
    <Scope>email</Scope>
    <Scope>profile</Scope>
    <Scope>openid</Scope>
  </Scopes>
</WebApplicationInfo>

Outlook will reject the sideload - but will not give any reasons why - and nothing will work (obviously).
The Resource element looks strange, but according to Microsoft docs, this is by design, as this is how Entra enforces uniqueness in URLs.

If I comment out this element, things work, but - as expected - calling the auth APIs will give an error as the add-in is not signaling auth capability.

Client error

If I "fix" the app URL to look something like an actual URL, such as this one

<WebApplicationInfo>
  <Id>foo</Id>
  <Resource>api://localhost:3000/foo</Resource>
  <Scopes>
    <Scope>User.Read</Scope>
    <Scope>Mail.Read</Scope>
    <Scope>offline_access</Scope>
    <Scope>email</Scope>
    <Scope>profile</Scope>
    <Scope>openid</Scope>
  </Scopes>
</WebApplicationInfo>

Outlook will accept the manifest for sideloading and I am able to call the JavaScript APIs to initiate login, but this will predictably fail, because it's pointing to a localhost origin. Furthermore, the Microsoft documentation for the element shows the example as

<WebApplicationInfo>
  <Id>12345678-abcd-1234-efab-123456789abc</Id>
  <Resource>api://contoso.com/12345678-abcd-1234-efab-123456789abc</Resource>
  <Scopes>
    <Scope>Files.Read.All</Scope>
    <Scope>offline_access</Scope>
    <Scope>openid</Scope>
    <Scope>profile</Scope>
  </Scopes>
</WebApplicationInfo>

where the host is also set to a non-random value, leading me to believe the Entra UI is giving me the wrong information.

The question

How do I get the login working from within an add-in? What do I need to specify in the WebApplicationInfo element in order to be able to use the JS APIs?

  • When you are developing, you are typically using a local dev server at a localhost:xxxx domain. When you move to staging you are typically using a public domain. Don't forget to update your Entra registration when you go to staging. See learn.microsoft.com/en-us/office/dev/add-ins/develop/… Commented May 13, 2024 at 18:10
  • @RickKirkham That was a good reference, other docs didn't mention I need to "fix" the URL Entra gives me by default. The weird thing is, I tried setting it to a production domain - just to get logs - or a local server, but nothing apart from localhost:3000 is accepted, anything else results in a rejected sideload (no details given of course /s)... Commented May 20, 2024 at 9:28
  • Sideloading is for localhost. When you change the URL to a staging or production URL, you have to publish some other way. See Publish, especially Network share. Commented May 20, 2024 at 17:18
  • @RickKirkham Thanks, I'll take a look at this doc as well. <gripe> It would be awesome if the official tutorial included these pieces of vital information without me having to resort to asking around on SO... </gripe> Commented May 21, 2024 at 13:53
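
A pre-sideload check for the Resource mismatch discussed above, as an added example that is not part of the original question or comments. It compares the Resource value with the api://<host>/<Id> shape seen in the accepted manifest and in the Microsoft sample; the function names, the expected_host parameter and the sample fragments are constructed for illustration, and treating that shape as the required one is an assumption taken from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def local(tag):
    """Drop the XML namespace so the check works whatever schema the manifest uses."""
    return tag.rsplit("}", 1)[-1]

def check_web_application_info(manifest_xml, expected_host):
    """Return findings for WebApplicationInfo; an empty list means the shape is OK."""
    root = ET.fromstring(manifest_xml)
    info = next((e for e in root.iter() if local(e.tag) == "WebApplicationInfo"), None)
    if info is None:
        return ["no WebApplicationInfo element: add-in does not signal auth capability"]
    fields = {local(c.tag): (c.text or "").strip() for c in info}
    app_id, resource = fields.get("Id", ""), fields.get("Resource", "")
    parts = urlsplit(resource)
    path = parts.path.strip("/")
    findings = []
    if parts.scheme != "api":
        findings.append(f"Resource scheme is {parts.scheme!r}, expected 'api'")
    if not path:
        # api://<Id>: the id sits where the host should be and there is no path
        findings.append("Resource has no host segment (Entra default form api://<Id>)")
    else:
        if parts.netloc.lower() != expected_host.lower():
            findings.append(f"Resource host {parts.netloc!r} != add-in host {expected_host!r}")
        if path != app_id:
            findings.append(f"Resource path {path!r} != Id {app_id!r}")
    return findings

def sample(resource, app_id="foo"):
    """Constructed fragment mirroring the manifests quoted in the question."""
    return (f"<WebApplicationInfo><Id>{app_id}</Id><Resource>{resource}</Resource>"
            "<Scopes><Scope>User.Read</Scope><Scope>openid</Scope></Scopes>"
            "</WebApplicationInfo>")

if __name__ == "__main__":
    for res in ("api://foo", "api://localhost:3000/foo", "api://contoso.com/foo"):
        # Assumption: the add-in is served from the localhost:3000 dev server
        print(res, "->", check_web_application_info(sample(res), "localhost:3000") or "OK")
```

The host passed in has to change together with the Entra registration when the add-in moves from the local dev server to a staging or production domain, as the first comment points out.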
