OfficeDev / Office-Add-in-samples

Code samples for Office Add-in development on the Microsoft 365 platform.
MIT License

Error when using non-localhost as redirect URI. #773

Closed glr0221 closed 1 month ago

glr0221 commented 1 month ago

I have tried the sample code with localhost and it works really well. However, when I replaced it with my own domain brk-multihub://mydomain.com, it starts failing and shows the following message:

Unable to acquire access token: ServerError: invalid_client: AADSTS700046: Invalid Reply Address. Reply Address must have scheme brk-9199bf20-a13f-4107-85dc-02114787ef48:// and be of Single Page Application type. Trace ID: bfab6bec-f53e-4574-b2fc-f7f8b3e16900 Correlation ID: 018f7b70-d53f-7933-a077-77abb9efca3e Timestamp: 2024-05-15 08:49:03Z

This is totally new to me and I have no idea where to begin debugging this issue. I believe this has something to do with the Single-Page application redirect URIs. Can you please help me find a way to get NAA-SSO to work for my Outlook add-in?

Thank you.

AlexJerabek commented 1 month ago

Hi @glr0221,

Thanks for reaching out. @davidchesnut, could you please investigate?

glr0221 commented 1 month ago

@AlexJerabek @davidchesnut

It works now. I found out that this only works on Outlook Clients Beta build. The error I reported is because I used OWA / Browser to test my NAA-SSO-enabled addin. Is my assumption correct that this only works for Outlook Clients Beta build as the feature is still in preview? I had errors in both mobile and web.

We can close this ticket for now.

davidchesnut commented 1 month ago

Hi @glr0221, glad to hear this is working now! You can get it to work in the browser, but you have to add a second redirect. See step 7 in the Outlook NAA sample. Also, you need a login hint when in the browser, which is what this call to getAuthContext helps with. This is because the NAA broker architecture isn't required in the browser scenario. Excel, Word, and PowerPoint do not yet work with this configuration in the browser, but we plan to add that soon. And you are correct, there is no support for mobile at this time.

glr0221 commented 1 month ago

@davidchesnut

I have tried this again with the browser. I added a 2nd redirect and also see that getAuthContext runs successfully. Unfortunately, when the popup shows it is blank and the following error is shown in my logs:

Unable to acquire token interactively: ServerError: invalid_client: AADSTS700046: Invalid Reply Address. Reply Address must have scheme brk-9199bf20-a13f-4107-85dc-02114787ef48:// and be of Single Page Application type. Trace ID: 4a184908-2168-40dc-9be3-e4a69fb8b000 Correlation ID: 018f847a-99c4-70a3-9bde-fc378fa07c3b Timestamp: 2024-05-17 02:56:20Z

Do you have any idea how I can resolve this? Please note that this same code works perfectly fine in the BETA channel of Outlook.

glr0221 commented 1 month ago

For today, I retested again and somehow managed to make the NAA-SSO work on the browser (incognito-chrome). Although silent token acquisition is successful, I get the following error/message in my console:

InteractionRequiredAuthError: login_required: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com). Trace ID: f1d125a9-c385-4793-b5cf-f413caa01d00 Correlation ID: 018f991f-fffb-74ab-8ca9-cadc4d15392d Timestamp: 2024-05-21 03:09:22Z

The token was received successfully and was usable for Graph transactions.

davidchesnut commented 1 month ago

Hi @glr0221,

If 3P cookies are blocked then authentication won't work and you'll need to look into workarounds. This blog post has additional details: Using device state for an improved SSO experience on browsers with blocked third-party cookies.

But sounds like it is working now?

glr0221 commented 1 month ago

@davidchesnut

Sorry for the late response. Everything is working now. Thank you.

PS: I will have to study the link you sent my way.

Thanks again.
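
The flow discussed in this thread (pass the signed-in user from getAuthContext as a login hint, try silent acquisition, and open a popup only when the silent call reports login_required as in AADSTS50058), as an added example that is not code from the sample repo or from any participant. It assumes the auth context exposes `userPrincipalName` and that the MSAL client offers `acquireTokenSilent` and `acquireTokenPopup`; `makeStubPca` and its token strings are constructed stand-ins so the block runs offline.

```javascript
// Build the token request. In the browser the hint would come from
// Office.auth.getAuthContext() (userPrincipalName field is an assumption).
function buildTokenRequest(scopes, authContext) {
  const request = { scopes };
  if (authContext && authContext.userPrincipalName) {
    request.loginHint = authContext.userPrincipalName;
  }
  return request;
}

// True for errors that call for an interactive retry (e.g. AADSTS50058).
function needsInteraction(err) {
  if (!err) return false;
  const retryable = ["login_required", "interaction_required", "consent_required"];
  return err.name === "InteractionRequiredAuthError" || retryable.includes(err.errorCode);
}

// Silent first, popup only when interaction is required. Anything else
// (such as invalid_client / AADSTS700046) is a registration problem and
// is rethrown rather than hidden behind a popup.
async function acquireToken(pca, request) {
  try {
    const silent = await pca.acquireTokenSilent(request);
    return { accessToken: silent.accessToken, path: "silent" };
  } catch (err) {
    if (!needsInteraction(err)) throw err;
    const popup = await pca.acquireTokenPopup(request);
    return { accessToken: popup.accessToken, path: "popup" };
  }
}

// Constructed stand-in for an MSAL public client application (hypothetical helper).
function makeStubPca(silentError) {
  const calls = [];
  return {
    calls,
    async acquireTokenSilent(req) {
      calls.push("silent:" + (req.loginHint || ""));
      if (silentError) throw silentError;
      return { accessToken: "stub-silent-token" };
    },
    async acquireTokenPopup(req) {
      calls.push("popup:" + (req.loginHint || ""));
      return { accessToken: "stub-popup-token" };
    },
  };
}
```

In an add-in, `pca` would be the client returned by MSAL and `authContext` the result of the getAuthContext call mentioned above; the redirect URIs themselves still have to be registered as Single Page Application type, which no client-side fallback can work around.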
