[Bug] npm run configure-sso fails to open browser for authentication to Azure

[Tom-H2oThermo]

Describe the bug Running the command "npm run configure-sso" fails with "UnhandledPromiseRejection".

To Reproduce Steps to reproduce the behavior:

1. In terminal I enter the command npm run configure-sso
2. It says "Project was previously updated. ? Continue anyway" and I select Yes
3. It says "Opening browser for authentication to Azure. Enter valid Azure credentials". A browser does not open.
4. The error occurs. See screenshot below.

Expected behavior I expected a browser to open for me to authenticate to Azure.

Screenshots or logs/output in Terminal

Environment(please complete the following information):

• OS: Windows_NT x64
• Version 10.0.22631
• VS Code Version 1.93.1
• Extension Version 0.5.0
• Node Version 20.15.1

Additional context There are no problems detected in the workspace, my manifest passes validation (using the development kit).

[hermanwenhe]

Can you try run npm install and then run npm run configure-sso again?

[Tom-H2oThermo]

Herman, I just did this but I get the same results. See below.

PS C:\Users\tomte\OfficeAddinApps\H2oThermo_SSO> npm install

up to date, audited 1271 packages in 3s

236 packages are looking for funding run npm fund for details

6 vulnerabilities (3 moderate, 3 high)

To address issues that do not require attention, run: npm audit fix

Some issues need review, and may require choosing a different dependency.

Run npm audit for details. PS C:\Users\tomte\OfficeAddinApps\H2oThermo_SSO> npm audit fix

up to date, audited 1271 packages in 3s

236 packages are looking for funding run npm fund for details

npm audit report

body-parser <1.20.3 Severity: high body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7 No fix available node_modules/body-parser express <=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3 Depends on vulnerable versions of body-parser Depends on vulnerable versions of path-to-regexp Depends on vulnerable versions of send Depends on vulnerable versions of serve-static node_modules/express office-addin-sso * Depends on vulnerable versions of express node_modules/office-addin-sso

path-to-regexp <0.1.10 Severity: high path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
No fix available node_modules/path-to-regexp

send <0.19.0 Severity: moderate send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
No fix available node_modules/send serve-static <=1.16.0 Depends on vulnerable versions of send node_modules/serve-static

6 vulnerabilities (3 moderate, 3 high)

To address issues that do not require attention, run: npm audit fix

Some issues need review, and may require choosing a different dependency. PS C:\Users\tomte\OfficeAddinApps\H2oThermo_SSO> npm run configure-sso

office-addin-taskpane-sso-js@0.0.0 configure-sso office-addin-sso configure manifest.xml

Project was already previously updated. ? Continue anyway? Yes Opening browser for authentication to Azure. Enter valid Azure credentials node:internal/process/promises:288 triggerUncaughtException(err, true / fromPromise /); ^

[UnhandledPromiseRejection: This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). The promise rejected with the reason "'az' is not recognized as an internal or external command, operable program or batch file. ".] { code: 'ERR_UNHANDLED_REJECTION' }

Node.js v18.20.2 PS C:\Users\tomte\OfficeAddinApps\H2oThermo_SSO>

[hermanwenhe]

Seems you have not installed the azure-cli. You can install it via https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli and add Azure CLI to PATH (if necessary).

After install, you can run az --version to check the install status.

[Tom-H2oThermo]

Thanks Herman, that worked.

I've been struggling with this for a long time. I've looked at a number of Learn Microsoft pages on SSO and some videos, but I don't recall having seen azure-cli as a prerequisite before. Perhaps this can be added as a note to the documentation for Microsoft Office Add-ins Development Kit. It might save someone else a lot of time.

I really appreciate your help and the Microsoft Add-ins Development Kit. I think its a great advancement and a great help to people like me. Thank you!

[Tom-H2oThermo]

Herman,

I was able to get the SSO working with my Excel add-in using the Office Addin Dev Kit. I attended the Office Add-ins community call on September 11th and I had submitted several questions. I saw where there were answers to my questions with hyperlinks, but of course since it was just a video meeting I couldn't open those hyperlinks. How can I access those answers including the hyperlinks? I don't know where to find those on the web.

Thanks,

Tom @.***)

From: Herman Wen @.> Sent: Friday, September 20, 2024 12:32 AM To: OfficeDev/OfficeAddinDevKit @.> Cc: Thomas McAuliffe @.>; Author @.> Subject: Re: [OfficeDev/OfficeAddinDevKit] [Bug] npm run configure-sso fails to open browser for authentication to Azure (Issue #9)

Seems you have not installed the azure-cli. You can install it via https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=a zure-cli and add Azure CLI to PATH (if necessary).

After install, you can run az --version to check the install status.

- Reply to this email directly, view it on GitHub https://github.com/OfficeDev/OfficeAddinDevKit/issues/9#issuecomment-236293 1892 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AGEBWKQYCST6XHA6ZU2R62TZX O6MJAVCNFSM6AAAAABOLPXZL2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNRSHEZTC OBZGI . You are receiving this because you authored the thread. https://github.com/notifications/beacon/AGEBWKSIQFPWFMQG3KN3OQDZXO6MJA5CNFS M6AAAAABOLPXZL2WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTU M255LI.gif Message ID: < @.> @.>

[MingjiaLiu1995]

Hi @Tom-H2oThermo! Usually, the answers are posted to the pnp blog in a couple of days after the call. For your questions, I can also paste them here as the blog is not published yet.

1. For submission process, please check the related document here, where it shows you how to plan a SaaS offer for the Microsoft commercial marketplace. If you have additional questions about Publish Center, you can post them in our Microsoft Partner Community

2. Single Sign-On (SSO) Authentication: Since you're already working on SSO, you're setting up a way to authenticate users based on their existing Microsoft identity. This part of the setup confirms the identity of the users. The official documentation on implementing SSO for Office Add-ins can be found here.​

3. ​Authorization via SaaS Fulfillment APIs: For authorization, you'll need to check if the user has an active subscription for your SaaS offer after they are authenticated. This involves using the Microsoft SaaS Fulfillment APIs, which allow you to verify subscription status. Here’s the documentation on SaaS Fulfillment API.

4. You can set up a test account and add the necessary information to your critical test instructions. Please check here: Microsoft 365 Store step-by-step submission guide - Marketplace publisher | Microsoft Learn

[Tom-H2oThermo]

Thanks Mingjia!

From: Mingjialiu-MS @.> Sent: Sunday, September 22, 2024 8:18 PM To: OfficeDev/OfficeAddinDevKit @.> Cc: Thomas McAuliffe @.>; Mention @.> Subject: Re: [OfficeDev/OfficeAddinDevKit] [Bug] npm run configure-sso fails to open browser for authentication to Azure (Issue #9)

Hi @Tom-H2oThermo https://github.com/Tom-H2oThermo ! Usually, the answers are posted to the pnp blog https://pnp.github.io/blog/categories/office-add-in-developer-community-call/ in a couple of days after the call. For your questions, I can also paste them here as the blog is not published yet.

1. For submission process, please check the related document here https://learn.microsoft.com/en-us/partner-center/marketplace-offers/plan-saas-offer , where it shows you how to plan a SaaS offer for the Microsoft commercial marketplace. If you have additional questions about Publish Center, you can post them in our Microsoft Partner Community https://techcommunity.microsoft.com/t5/microsoft-partner-community/ct-p/PartnerCommunity
2. Single Sign-On (SSO) Authentication: Since you're already working on SSO, you're setting up a way to authenticate users based on their existing Microsoft identity. This part of the setup confirms the identity of the users. The official documentation on implementing SSO for Office Add-ins can be found here https://learn.microsoft.com/en-us/office/dev/add-ins/develop/sso-in-office-add-ins .​

​Authorization via SaaS Fulfillment APIs: For authorization, you'll need to check if the user has an active subscription for your SaaS offer after they are authenticated. This involves using the Microsoft SaaS Fulfillment APIs, which allow you to verify subscription status. Here’s the documentation on SaaS Fulfillment API https://learn.microsoft.com/en-us/azure/marketplace/partner-center-portal/pc-saas-fulfillment-api-v2 .

1. You can set up a test account and add the necessary information to your critical test instructions. Please check here: Microsoft 365 Store step-by-step submission guide - https://learn.microsoft.com/en-us/partner-center/marketplace-offers/add-in-submission-guide Marketplace publisher | Microsoft Learn https://learn.microsoft.com/en-us/partner-center/marketplace-offers/add-in-submission-guide

— Reply to this email directly, view it on GitHub https://github.com/OfficeDev/OfficeAddinDevKit/issues/9#issuecomment-2367123561 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AGEBWKWMAFRZZPTDWH5N7H3ZX524HAVCNFSM6AAAAABOLPXZL2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNRXGEZDGNJWGE . You are receiving this because you were mentioned. https://github.com/notifications/beacon/AGEBWKUC6IUAI7NZJKCLPSDZX524HA5CNFSM6AAAAABOLPXZL2WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTUNC5YGS.gif Message ID: @. @.> >