OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
685 stars 95 forks source link

Excel: OfficeDialog and Taskpane RHP not sharing the same Local Storage #3820

Open areddy294 opened 1 year ago

areddy294 commented 1 year ago

Any key value pairs stored in the Local Storage are not accessible between the dialog and Taskpane RHP

Your Environment

Expected behavior

We have followed the official MSFT documentation here 'https://learn.microsoft.com/en-us/office/dev/add-ins/develop/auth-with-office-dialog-api' and designed our Excel OfficeJS Addin login mechanism relying solely on the msal package and local storage being shared between dialog and RHP.

Current behavior

Until a week ago, the local storage was shared between the dialog and RHP and our login mechanism worked fine. From 11/03/2023, we noticed that our login mechanism isn't finishing, and upon debugging, we noticed that the issue is with localstorage no longer being shared between dialog and RHP. We also noticed that the same link mentioned above, that suggests to use Local Storage, has a "note" added, which says there is a bug with local storage, but that note doesn't have any further info, or potential resolution plan.

Steps to reproduce

Any local storage values set from RHP are not accessible in OfficeDialog opened by the same RHP, and vice versa.

Context

Without the local storage being shared, although msal logs-in the user using the office dialog and the msal redirect approach, the RHP is not aware of the logged in user. We understand messageParent is an alternative, but messageParent can only be used to send one-off messages from parent to child, but for something like auth which needs to be put in longer term storage, adding it to local storage is the most common approach and is also the approach suggested from the docs. Also, MSAL can be configured to automatically use the LocalStorage, which is what we have used, but with the current change, although the Dialog's instance of MSAL sets the auth context in LocalStorage, RHP is not aware of it, as it is not sharing the same local storage.

This is directly affecting our login flow and all our users. The docs seem to acknowledge this as a bug here: https://learn.microsoft.com/en-us/office/dev/add-ins/develop/auth-with-office-dialog-api#you-usually-cannot-use-the-librarys-internal-cache-to-store-tokens and here: https://learn.microsoft.com/en-us/office/dev/add-ins/develop/parent-to-dialog but there is no further information and workarounds for this.

penglongzhaochina commented 1 year ago

Thank you for reporting this issue, we are actively working on it. We will let you know once we have any progress.

manuelsidler commented 1 year ago

We noticed the same issue with our Taskpane app in Word (custom authentication provider, not MSAL)

hello-chenchen commented 11 months ago

https://learn.microsoft.com/en-us/office/dev/add-ins/testing/runtimes#share-data-across-runtimes https://developers.google.com/privacy-sandbox/3pcd/storage-partitioning

all the browser change this behaviour. i think MS office should provide a solution for us. not just told us to disable it!!! how we told all the customer to let them do that?

go to chrome://flags or edge://flags, then set the Experimental third-party storage partitioning (#third-party-storage-partitioning) flag to Disabled.