Sample needed: Seamless authentication in Outlook add-in using refresh tokens

  • Question

  • Hi

    We are in need of guidance and/or a sample on how to implement persistent and "seamless" authentication in an Outlook add-in implemented as an SPA, including refresh tokens, with the add-in and web API in different domains, which limits the use of the dialog API.

    The old solution was to use a hidden iframe to silently authenticate the user (if the user was already logged in in IE), and then the access token was sent as an Authorization Bearer token with each request to our backend WebAPI. If the user wasn't logged in, we prompted the user to log in and opened a popup (not using the new Dialog API) with a login dialog. This solution is not working anymore with the new Edge WebView that was released recently, as the add-in is working in an isolated context now.

    We have some issues with the following sample:

    github.com/OfficeDev/PnP-OfficeAddins/tree/master/Samples/auth/Outlook-Add-in-Microsoft-Graph-ASPNET

    It's designed for an MVC app, not an SPA with WebAPI. It doesn't take refresh tokens into consideration, so the session expires after a short time, and we have some issues adapting it to our needs as we have our add-in and WebAPI in different domains (so e.g. cookies are not shared, we can't open a page in a different domain using the dialog API, etc.).

    Our target is to allow users to sign in only once and keep authentication persistent for next sessions until the user explicitly logs out. We would like confirmation that's the best we can achieve currently using Edge WebView (we can't achieve real Seamless SSO as the add-in is isolated and we don't have access to the SSO cookie). Office Add-ins SSO is in preview and we understand that it's not really possible to use it in production (we can't force users to use the Insiders build). Is there any expected release date? I believe this one has been in preview for a really long time (2 years).

    Thanks in advance

    Martin

    Friday, August 30, 2019 1:45 PM

All replies