Outlook WEB Add-in execution of getAccessToken returns status code 302

…衆ロ難τιáo~ 提交于 2021-02-08 08:21:30

问题


I strictly follow this article to build an Outlook WEB Add-in, but when I execute getAccessToken I receive 302:

Missing grant for this add-in.

with name:

Preauthorization missing

Why is that? My Add-in is well registered in the portal. Do I need to do anything else? What is the grant type for this request and where should I put it in?

$("#getAccessTokenBtn").click(function () {
        Office.context.auth.getAccessTokenAsync(function (result) {
            if ("succeeded" === result.status) {
                // Use this token to call Web API
                var ssoToken = result.value; 
            } else {
                if (13003 === result.error.code) {
                    // SSO is not supported for domain user accounts, only
                    // work or school (Office 365) or Microsoft Account IDs.
                } else {
                    // Handle error
                }
            }
        });
    });

This is my manifest:

<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1" xsi:type="VersionOverridesV1_1">
  <Requirements>
    <bt:Sets DefaultMinVersion="1.3">
      <bt:Set Name="Mailbox" />
    </bt:Sets>
  </Requirements>
  <Hosts>
    <Host xsi:type="MailHost">
        ...
    </Host>
  </Hosts>

  <Resources>
    ...
  </Resources>

  <WebApplicationInfo>
    <Id>94x668mb-461c-4r4e-851n-fb9721222e31</Id>
    <Resource>api://localhost:44374/94x668mb-461c-4r4e-851n-fb9721222e31</Resource>
    <Scopes>
      <Scope>profile</Scope>
      <Scope>user.read</Scope>
    </Scopes>
  </WebApplicationInfo>
</VersionOverrides>

I found the troubleshooting page that suggests for error 13005 the following:

13005 Invalid Grant. This usually means that Office has not been pre-authorized to the add-in's web service. For more information, see Create the service application and Register the add-in with Azure AD v2.0 endpoint (ASP.NET) or Register the add-in with Azure AD v2.0 endpoint (Node JS). This also may happen if the user has not granted your service application permissions to their profile.

What does that even mean?

Before I ask for Access Token, should I consent following this documentation, by just navigating to the the URL below?

https://login.microsoftonline.com/common/adminconsent?client_id=94x668mb-461c-4r4e-851n-fb9721222e31

回答1:


Yes. When developing, you have to grant admin consent as described here.

Another possibility for why you are getting that error is that you haven't preauthorized Outlook to the addin. When you register the add-in with AAD 2.0, be sure that you've done step 10 of this article: Register SSO add-in with AAD 2.0. Finally, if you haven't already, check out this article for any special factors that apply to Outlook addins: Authenticate (Outlook) user with an SSO token



来源:https://stackoverflow.com/questions/50676796/outlook-web-add-in-execution-of-getaccesstoken-returns-status-code-302

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!