search

OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
675 stars 95 forks source link

NAA - Queries for App registration on Azure Portal, Application (Client) ID and AppSource #4977

Open ashu66867 opened 6 days ago

ashu66867 commented 6 days ago

Our add-in is already published to AppSource and is used by multiple tenants. I am trying to use NAA. I have the following questions:

  1. Is it safe to have Application (client) ID hard coded in the client side code? I am following this tutorial for NAA authentication.
  2. Can onmicrosoft.com tenant be used for app registration & adding SPA redirect Uris considering our add-in will be used by multiple tenants?
  3. Once my client SPA receives the access token by NAA, Can I send this token to my server-side and call graph api from there? Do I need to do extra registrations steps?
  4. I found the below option on our AppSource listing. Is this required for using NAA? NAA- q1
pkkj commented 8 hours ago

Answer for some questions:

  1. Yes. You need this ID for calling NAA API.
  2. You can register in an onmicrosoft.com tenant, but for multi-tenant applications the publisher needs to be verified to not get a warning as described in this document. The page does mention the apps publisher domain can't be onmicrosoft.com to be verified.
  3. Yes you could return it to server, though the token is used in the client in most scenarios.