millerds
commented
1 year ago The SSO authentication process requires the server-side portion to securely authenticate the person using the add-in. If you put that in the client that an attacker could snatch the auth token in flight between the client and service. It is not something we can recommend.
I used yo office and chose an Excel add-in with SSO in JavaScript. The template came with an Express server. I wanted to create a single page client side only application with Yeoman. Will the server code be needed when I deploy and publish this Excel add-in for users in my organization?