search

OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
690 stars 95 forks source link

Outlook NAA Android acquireTokenSilent launches a popup and crashes #5001

Open dariussantaras opened 1 month ago

dariussantaras commented 1 month ago

Provide required information needed to triage your issue

I've implemented NAA in an Outlook Add-in based on samples. The code attempts to get the token silently and fallback to the old auth method in case it fails (getUserIdentityTokenAsync). When running the add-in on an Android device, the acquireTokenSilent function launches another android activity, fails and then crashes out to the main page of Outlook, exiting from the draft email.

Your Environment

Expected behavior

When acquireTokenSilent is called, I would expect either the app not to try navigate to a different screen, or it should get back to the previous screen (draft email) and let my add-in code continue running.

Current behavior

Currently, acquireTokenSilent launches a new activity where (I assume) an error is raised. When the app comes back to Outlook, it 'crashes' back out to the main page, rather than staying in the draft email. My add-in code does not run past that point, so it cannot handle the error and continue. The user is also thrown out of the email draft, so they can't realistically send any emails.

Here is a gif showing the issue: My only interaction is clicking the new email button, then the add-in activates and tries to call acquireTokenSilent. Past that point, my code never executes further.

outlook-android

Steps to reproduce

  1. Have an event-based activation add-in installed that attempts to call acquireTokenSilent
  2. Trigger add-in activation

Link to live example(s)

The add-in manifest and the source code is in this repo: https://github.com/dariussantaras/android-naa/blob/main/manifest.xml

This add-in can be installed and will have this issue.

Provide additional details

Context

I'm trying to implement NAA in my add-in to move away from legacy tokens. I want to do it in a way that is non destructive and has a fallback: if NAA fails, I want the add-in to use the legacy token. To do this, I try to get the NAA token silently and if it fails, I get the legacy token. This issue prevents me from implementing NAA completely, because the app crashes without letting me know of any errors and my code cannot continue

Useful logs

Thank you for taking the time to report an issue. Our triage team will respond to you in less than 72 hours. Normally, response time is <10 hours Monday through Friday. We do not triage on weekends.

dariussantaras commented 4 weeks ago

After some testing, it seems to be affecting iOS too. The Outlook app seems to crash completely when NAA token is requested.

DivyaPatidar commented 3 weeks ago

@dariussantaras Can you please collect the logs on both iOS and Android as mentioned here and share?

dariussantaras commented 3 weeks ago

Incident ID on Android: RQYDRY78

mmanjaree-msft commented 2 weeks ago

@dariussantaras Is this issue happening in all accounts or specific ones. Also please share the Request for NAA in a private repo

dariussantaras commented 2 weeks ago

I tried it on two accounts and it happened on both.

Full add-in code I used can be found here: https://github.com/dariussantaras/android-naa/tree/main

anjalitp commented 1 week ago

@dariussantaras Thanks for providing the code. We are able to repro the issue, and it is under investigation. Internal Tracking ID: 5029803

nshallred commented 1 week ago

We are also experiencing what appears to be a similar crash on the latest version of Mac OS (Sequoia) using the same add-in code to access NAA.

Crash details

Error Signature: Exception: EXC_BAD_ACCESS ExceptionEnumString: 1 Exception Code: KERN_INVALID_ADDRESS (0x0000000000000050) Date/Time: 2024-11-12 16:10:06 +0000 Application Name: Microsoft Outlook Application Bundle ID: com.microsoft.Outlook Application Signature: OPIM Application Bitness: x64 Application Version: 16.90.0.24101387 Crashed Module Name: mso30 Crashed Module Version: 16.90.24101387 Crashed Module Offset: 0x000000000013c56c Blame Module Name: mso30 Blame Module Version: 16.90.24101387 UnsymbolicatedChecksum: DCF47775367EC2A04CA5CF22F4C639D7 Blame Module Offset: 0x000000000013c56c StackHash: c38179eb1592c3dc_1_0x000000000013c56c_bk_phx_arm Application LCID: 1033 Extra app info: Reg=en Loc=0x0409 Build Type: Release Crashed thread Stack Pointer: 0x_000000016becaac0 Crashed thread: 27

mobisw-msft commented 4 days ago

Hey @nshallred ,

The issue that we have investigated above is an expected issue, and has been resolved by calling aquireTokenPopup if aquireTokenSilent fails, as per the documentation here: https://learn.microsoft.com/en-us/office/dev/add-ins/develop/enable-nested-app-authentication-in-your-add-in

image

You can refer to this as an example for the same.

If this does not solve your issue, please do open a new Github issue with the necessary details and we can look into it.