I am in the process of learning to understand how to achieve SSO within an Office Add-in, so I followed your example.
After sideloading the Add-in into Word 365 for enterprise Version 2403, I run into the error we catch at Create the route and implement On-Behalf-Of flow | TODO 10
Relevant code snippet
try {
const authHeader = req.headers.authorization;
let oboRequest = {
oboAssertion: authHeader.split(' ')[1],
scopes: ["files.read"],
};
// The Scope claim tells you what permissions the client application has in the service.
// In this case we look for a scope value of access_as_user, or full access to the service as the user.
const tokenScopes = jwt.decode(oboRequest.oboAssertion).scp.split(' ');
const accessAsUserScope = tokenScopes.find(
(scope) => scope === 'access_as_user'
);
if (!accessAsUserScope) {
res.status(401).send({ type: "Missing access_as_user" });
return;
}
const cca = authHelper.getConfidentialClientApplication();
const response = await cca.acquireTokenOnBehalfOf(oboRequest);
// TODO 11: Call Microsoft Graph to get list of filenames.
} catch (err) {
// TODO 12: Handle any errors.
}
What I tried to fix it
I double checked my app configuration in my Microsoft Azure App registration according to the tutorial
I added ALL files permissions that the API permissions offer to rule out a missing permission within the app
I pasted the provided code ssoAuthES6.js from the complete directory into my app to check if I did something wrong
I pasted the provided code getFileSRoute.js from the complete directory into my app to check if I did something wrong
Besides some minor differences, the relevant code snippets work identical
At first I thought the code example had a typo, but then I backtracked it further and figured I did a typo while setting up the scope writing access_as_users
Question
I am in the process of learning to understand how to achieve SSO within an Office Add-in, so I followed your example.
After sideloading the Add-in into
Word 365 for enterprise Version 2403
, I run into the error we catch atCreate the route and implement On-Behalf-Of flow | TODO 10
Relevant code snippet
What I tried to fix it
files
permissions that theAPI permissions offer
to rule out a missing permission within the appssoAuthES6.js
from the complete directory into my app to check if I did something wronggetFileSRoute.js
from the complete directory into my app to check if I did something wrongBesides some minor differences, the relevant code snippets work identical![image](https://github.com/OfficeDev/Office-Add-in-samples/assets/111972510/a7826ed4-a876-4920-9328-4737faad0d56)