search

OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
679 stars 95 forks source link

NAA: Unable to acquire access token for event-based activation (onMessageSend) #4764

Closed manuelsidler closed 1 month ago

manuelsidler commented 2 months ago

Your Environment

Expected behavior

Acquiring an access token for event-based activation (onMessageSend) via NAA works the same as inside the taskpane.

Current behavior

Acquiring an access token results in ServerError

Code snippet of the message send handler:

createNestablePublicClientApplication({
    auth: {
        clientId: 'xxx',
        authority: 'https://login.microsoftonline.com/common'
    },
    system: {
        loggerOptions: {
            logLevel: LogLevel.Verbose,
            loggerCallback: (level: LogLevel, message: string) => {
                switch (level) {
                    case LogLevel.Error:
                        console.error(message)
                        return
                    case LogLevel.Info:
                        console.info(message)
                        return
                    case LogLevel.Verbose:
                        console.debug(message)
                        return
                    case LogLevel.Warning:
                        console.warn(message)
                        return
                }
            },
            piiLoggingEnabled: true
        }
    }
})
    .then((clientApp) => {
        const scopes = ['Mail.ReadWrite']
        const redirectUri = 'https://localhost:5173'
        const loginHint = Office.context.mailbox.userProfile.emailAddress

        const account = clientApp.getAccountByUsername(loginHint)
        const acquireTokenSilent = account
            ? clientApp.acquireTokenSilent({
                    scopes,
                    account,
                    redirectUri
                })
            : clientApp.ssoSilent({
                    loginHint,
                    scopes,
                    redirectUri
                })

        acquireTokenSilent
            .then((result) => console.log(result.accessToken))
            .catch((error) => {
                console.log('acquire token silently failed. Get by popup...')
                console.error(error)

                clientApp
                    .acquireTokenPopup({
                        scopes,
                        redirectUri
                    })
                    .then((popupResult) => console.log(popupResult.accessToken))
                    .catch((error) => {
                        console.log('acquire token by popup failed.')
                        console.error(error)
                    })
            })
    })
    .catch((error) => {
        console.error(error)
    })

Steps to reproduce

  1. Create an Outlook add-in with event-based activiation and onMessageSend handler
  2. Use the snippet above to acquire an access token inside the message send handler

Useful logs

07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Info - Nested App Auth Bridge available: true       
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - BrowserCrypto: modern crypto interface available      
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - BrowserConfigurationAuthError: storage_not_supported: Given storage configuration option was not supported.       
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found        
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - getAccount: No matching account found, returning null     
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - setActiveAccount: No account passed, active account not set       
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found        
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - getAccountByUsername: No matching account found, returning null       
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Info - Emitting event: msal:acquireTokenStart       
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found        
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - getAccount: No matching account found, returning null     
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Verbose - No active account found, falling back to the host     
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Error - Cached tokens are not found for the account, proceeding with silent token request.      
07/08/2024 15:00:04 Unexpected  Runtime [Error] [Log] console.error: [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Error - Cached tokens are not found for the account, proceeding with silent token request.
Object.h [as error]
foundation.win32.bundle:57:1965
_Logger.loggerCallback [as localCallback]
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:11446:24
_Logger.executeCallback
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:2124:31
_Logger.logMessage
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:2118:9
_Logger.error
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:2130:9
_NestedAppAuthController.<anonymous>
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:10664:33
Generator.next
<anonymous>:0:0
fulfilled
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:25:21

07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Info - Emitting event: msal:acquireTokenFailure         
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Info - Emitting event: msal:acquireTokenFailure     
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] acquire token silently failed. Get by popup...      
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] { [ServerError]
  errorCode: '',
  errorMessage: '',
  subError: '',
  name: 'ServerError',
  errorNo: undefined,
  status: undefined }       
07/08/2024 15:00:04 Unexpected  Runtime [Error] [Log] ServerError: 
_NestedAppAuthAdapter.fromBridgeError
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:10475:17
_NestedAppAuthController.<anonymous>
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:10640:48
Generator.throw
<anonymous>:0:0
rejected
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:31:26

07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Info - Emitting event: msal:acquireTokenStart       
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] [Wed, 07 Aug 2024 13:00:04 GMT] : [] : @azure/msal-browser@3.20.0 : Info - Emitting event: msal:acquireTokenFailure     
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] acquire token by popup failed.      
07/08/2024 15:00:04 Verbose Runtime [Console] [Log] { [ServerError]
  errorCode: '',
  errorMessage: '',
  subError: '',
  name: 'ServerError',
  errorNo: undefined,
  status: undefined }       
07/08/2024 15:00:04 Unexpected  Runtime [Error] [Log] ServerError: 
_NestedAppAuthAdapter.fromBridgeError
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:10475:17
_NestedAppAuthController.<anonymous>
C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\89ca397d-15a9-4619-9e3a-363057b68df8_1.0.0.0_en-US\bundle.js:10605:48
Generator.throw
<anonymous>:0:0
dahuja10 commented 2 months ago

Hi @manuelsidler, thanks for reporting the issue. Can you please share the add-in in a private repo and give access to @exextoc. This way we will be able to investigate faster.

manuelsidler commented 2 months ago

@dahuja10 @exextoc I created a public GitHub repository to reproduce the issue: https://github.com/manuelsidler/outlook-naa-sample

There's also an issue when using NAA for event-based activation on the web and Mac:

Uncaught SyntaxError: Identifier 'Logger' has already been declared (at launchEvent.js:1:1)

It seems like a variable scope conflict between Officejs and azure/msal-browser.

davidchesnut commented 2 months ago

Hi @manuelsidler I want to mention there is a new NAA sample in PR that shows how to implement NAA in events. In particular you have to be careful how to configure webpack to avoid pulling in hot reload code when importing MSAL JS. https://github.com/OfficeDev/Office-Add-in-samples/pull/832

Hoping this helps with the issues you are seeing!

manuelsidler commented 2 months ago

@davidchesnut I updated my sample repository (see comment above) based on your PR. Now I get the following error:

27/08/2024 15:48:10 Verbose Runtime [Console] [Log] { status: 'PERSISTENT_ERROR' }
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Info - Could not initialize Nested App Auth bridge ([object Object])
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Info - Nested App Auth Bridge available: false
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - BrowserCrypto: modern crypto interface available
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - BrowserConfigurationAuthError: storage_not_supported: Given storage configuration option was not supported.
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Info - Emitting event: msal:initializeStart
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - Claims-based caching is disabled. Clearing the previous cache with claims
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - BrowserCacheManager.getTokenKeys - No token keys found
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] [Tue, 27 Aug 2024 13:48:10 GMT] : [] : @azure/msal-browser@3.21.0 : Info - Emitting event: msal:initializeEnd
27/08/2024 15:48:10 Verbose Runtime [Console] [Log] Unable to get Graph access token: TypeError: Cannot read properties of undefined (reading 'hash')
Object.h [as error] foundation.win32.bundle:57:1965

C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\21f402cd-0052-4c5f-b9ca-700b80899e89_1.0.0.0_en-US\bundle.js:11256:14 Generator.throw :0:0 rejected C:\Users\manuel\AppData\Local\Microsoft\Office\16.0\Wef\{F3CA16E1-316B-44E6-B878-1D17DB9631EF}\a_tR7qffwhEaRODfyEFigA==\Javascript\21f402cd-0052-4c5f-b9ca-700b80899e89_1.0.0.0_en-US\bundle.js:31:26
manuelsidler commented 1 month ago

@davidchesnut acquiring an access token via NAA in send event now works with beta channel version 16.0.18028.20004

davidchesnut commented 1 month ago

Glad it's all working! The sample is now published at https://github.com/OfficeDev/Office-Add-in-samples/tree/main/Samples/auth/Outlook-Event-SSO-NAA. Closing this issue for now but let us know if you need help with anything else. Thanks!