search

OfficeDev / office-js

A repo and NPM package for Office.js, corresponding to a copy of what gets published to the official "evergreen" Office.js CDN, at https://appsforoffice.microsoft.com/lib/1/hosted/office.js.
https://learn.microsoft.com/javascript/api/overview
Other
681 stars 95 forks source link

Deciding authentication strategy on Office-js Outlook add-in #5033

Closed tomaskukk closed 11 hours ago

tomaskukk commented 1 day ago

With the introduction of NAA, there are three ways to authenticate users & make calls to MS Mailbox API's.

How to decide the authentication strategy

Our add-in needs to support both on premise users, as well as cloud based users. This means that we need to be able to handle both exchange online token fetching + Graph identity & access token fetching via NAA.

My main question is:

How can we check if a user has access to either, or do we need try both? We shouldn't try NAA for on premise customers, as it will yield popups they don't shouldn't see. We can try exchange online token fetching first, and default to NAA, but that adds some overhead. Also we don't know exactly how the deprecation of exchange online tokens will be done in code level, will the underlying functions (getUserIdentityTokenAsync & getCallbackTokenAsync) throw, or something else?

Is there a way to check before fetching the tokens, if one should be used or the other?

Thank you!

RuizhiSunMS commented 1 day ago

@jargil Looks this is a QA for NAA.

nubaliga commented 11 hours ago

Hello! Github issues are for reporting potential bugs or errors in our documentation. To have your question answered, please post this to Stack Overflow and tag it with office-js. Thanks!