Addin fails to load in trident (Outlook) systems when NAA-SSO authentication is used.

[glr0221]

I have successfully incorporated NAA-SSO authentication in my addin. I was using this sample as basis for my implementation. Everything was working fine OWA, mobile and outlook clients. However, when I tried to load the addin in TRIDENT windows-outlook clients, my addin could not be loaded.

Expected Behavior

I fully expect that NAA-SSO will not run in trident systems. However, it should not cause for the addin to not be loaded. I tried adding try-catch around 'createPublicClientApplication()' but it does not go into the 'catch' flow.

Current Behavior

Currently, if an addin adds support for NAA-SSO, and follows the sample provided, then the addin won't be loaded in trident systems.

Steps to Reproduce, or Live Example

• Link to live example: __ I don't know if this will help in the debugging process, but somehow this can be reproduced using the sample . Just make sure that the target Outlook client is a windows-trident outlook client.

• Additional details: Just follow the sample for SSO-NAA. And then make sure to test and load it in a trident outlook instance.

Context

Imagine that you have an addin that runs on a lot of end points. And those endpoints are a mix of the new versions and trident systems. Currently, without NAA-SSO, your addin works great, behaves and functions as designed. Then you update your addin to support NAA-SSO, and it fails to load the trident systems.

Your Environment

• Platform [PC desktop, Mac, iOS, Office Online]: Windows 10 PC
• Host [Excel, Word, PowerPoint, etc.]: Outlook Trident
• Office version number: 16.0.10730.20348
• Operating System: Windows 10
• Browser (if using Office Online): NA

Useful logs

• [ ] Console errors
• [ ] Screenshots
• [ ] Test file (if only happens on a particular file)

[bntv-config]

Any update in thus issue ?

[davidchesnut]

Hi @glr0221, Unfortunately MSAL v3 (for NAA) won't run on Trident (IE webview). We're working on providing a sample that will show how to fall back to MSAL v2 so that your add-in can still authenticate and run. That is on the backlog.

Thanks! David

[glr0221]

Hello @davidchesnut . Thanks for your response and for the sample in advance. Very much appreciated.

The other concern I have is the upcoming October 2024 deadline :

Exchange user identity tokens and callback tokens are deprecated and will begin to be turned off in October 2024. We recommend moving Outlook add-ins that use legacy Exchange tokens to nested app authentication.

Are there plans to extend the October 2024 deprecation while NAA still has some issues? Thank you.

[davidchesnut]

The timeline is in our FAQ

So just to help clarify... Only tenants with Current Channel clients will have Exchange tokens turned off in October. And then it will only be tenants we know are not using Exchange tokens. So you shouldn't see add-ins affected yet. In January 2025 is when you'll see all Current Channel tenants having Exchange tokens turned off. So January is definitely when you're going to want your add-in ready.

Cheers, David

[glr0221]

@davidchesnut Thank you for the timeline and the link explaining it. Looking forward to get the NAA-SSO in place way before the June 2025 deadline.