OfficeDev / Office-Add-in-samples

Code samples for Office Add-in development on the Microsoft 365 platform.
MIT License

Office-Add-in-NodeJS-SSO Example fails to claim scope #756

Closed Davidihl closed 2 months ago

Davidihl commented 2 months ago

Question

I am in the process of learning to understand how to achieve SSO within an Office Add-in, so I followed your example.

After sideloading the add-in into Word 365 for enterprise Version 2403, I run into the error we catch at "Create the route and implement On-Behalf-Of flow | TODO 10".

Relevant code snippet

try {
  const authHeader = req.headers.authorization;
  let oboRequest = {
    oboAssertion: authHeader.split(' ')[1],
    scopes: ["files.read"],
  };

  // The Scope claim tells you what permissions the client application has in the service.
  // In this case we look for a scope value of access_as_user, or full access to the service as the user.
  const tokenScopes = jwt.decode(oboRequest.oboAssertion).scp.split(' ');
  const accessAsUserScope = tokenScopes.find(
    (scope) => scope === 'access_as_user'
  );
  if (!accessAsUserScope) {
    res.status(401).send({ type: "Missing access_as_user" });
    return;
  }
  const cca = authHelper.getConfidentialClientApplication();
  const response = await cca.acquireTokenOnBehalfOf(oboRequest);
  // TODO 11: Call Microsoft Graph to get list of filenames.
} catch (err) {
  // TODO 12: Handle any errors.
}

What I tried to fix it

  1. I double-checked my app configuration in my Microsoft Azure App registration according to the tutorial
  2. I added ALL files permissions that the API permissions offer to rule out a missing permission within the app
  3. I pasted the provided code ssoAuthES6.js from the complete directory into my app to check if I did something wrong
  4. I pasted the provided code getFileSRoute.js from the complete directory into my app to check if I did something wrong

Besides some minor differences, the relevant code snippets work identically.

Davidihl commented 2 months ago

I found the issue.

At first I thought the code example had a typo, but then I backtracked it further and figured out I made a typo while setting up the scope, writing access_as_users.
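The scope check from the snippet in this issue, extended so that a misnamed scope is reported instead of only producing a 401. This is an added example, not part of the original issue or the sample's code. `checkScope`, `editDistance`, `decodeJwtPayload` and `makeSampleToken` are hypothetical helper names, the token is a constructed unsigned sample, and the payload is only decoded, on the assumption that the web API has already validated the token's signature.

```javascript
// Added example: diagnose a missing scope in the `scp` claim.
// Decodes only; does NOT verify the signature. Assumes the token was
// already validated by the web API before this check runs.
const REQUIRED_SCOPE = 'access_as_user';

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('Not a compact JWT (expected 3 segments)');
  }
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Levenshtein edit distance, used to spot near-miss scope names.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Returns which scopes the token carries and any that look like a typo
// of the required one.
function checkScope(token, required = REQUIRED_SCOPE) {
  const payload = decodeJwtPayload(token);
  // `scp` is a space-separated string and may be absent entirely.
  const present =
    typeof payload.scp === 'string' ? payload.scp.split(' ').filter(Boolean) : [];
  const ok = present.includes(required);
  const nearMisses = ok
    ? []
    : present.filter((s) => editDistance(s.toLowerCase(), required.toLowerCase()) <= 2);
  return { ok, present, nearMisses };
}

// Constructed sample token (unsigned, placeholder signature).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.sig`;
}

console.log(checkScope(makeSampleToken({ scp: 'access_as_users' })));
```

Logging `present` and `nearMisses` on the server alongside the 401 points directly at a scope name that was mistyped in the app registration.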