none
Using Identity 1.1 in an Outlook Addin (Single Sign On). I get InvalidAuthenticationToken when trying to call a OneDrive API RRS feed

  • Question

  • Hi!

    I registered an application in the Azure server following exactly the instructions that were in the official documentation. 

    In the Office Addin, in the XML file I have (I know, there are more things than probably needed):

        <WebApplicationInfo>
          <Id>XXXXXXXX-d3af-445b-9e49-d4f1184758c2</Id>
          <Resource>api://localhost:44301/XXXXXXXX-d3af-445b-9e49-d4f1184758c2</Resource>
          <Scopes>
            <Scope>user.read</Scope>
            <Scope>files.read</Scope>
            <Scope>profile</Scope>
            <Scope>files.read.all</Scope>
            <Scope>files.readwrite</Scope>
            <Scope>files.readwrite.all</Scope>
            <Scope>sites.fullcontrol.all</Scope>
            <Scope>sites.readwrite.all</Scope>
            <Scope>MyFiles.Read</Scope>
            <Scope>MyFiles.Write</Scope>
          </Scopes>
        </WebApplicationInfo>

    So in the Addin I well get the token... but when I call:

            function uploadSampleFile() {
                console.log('Uploading file using token ' + tokenGot);
                var xmlHttp = new XMLHttpRequest();
                //xmlHttp.timeout = 10000;
                xmlHttp.onreadystatechange = function () {
                    if (this.readyState == 4 && (this.status == 200 || this.status == 201)) {
                        console.log('UPLOAD: ' + this.responseText);
                        document.getElementById('UploadStatus').innerHTML = 'File successfully uploaded to Attachments/FromSample.txt';
                    } else if (this.readyState == 4) {
                        console.log('UPLOAD: ' + this.responseText);
                        document.getElementById('UploadStatus').innerHTML = 'Error while uploading. Status=' + this.status + '(' + this.responseText+')';
                    }
                }
                xmlHttp.open("PUT", "https://graph.microsoft.com/v1.0//me/drive/root:/Attachments/FromSample.txt:/content", true); // true for asynchronous
                xmlHttp.setRequestHeader('Authorization', 'Bearer ' + tokenGot);
                document.getElementById('UploadStatus').innerHTML = 'Uploading file to Attachments/FromSample.txt';
                xmlHttp.send("This is the internal content to test");
            }
    

    I get tbhe InvalidAuthenticationToken  error.

    I think I have to configure something in the server so the token I get can be used for OneDrive for Business... but I granted all possible permissions. If for example I get the token using another different way (e.g. MSAL.js) then using the exact same App I can upload it... so it's not really linked to the API Permissions but it seems like if the token the Identity 1.1 library returns cannot be used for :

    https://graph.microsoft.com/v1.0//me/drive/root:/Attachments/FromSample.txt:/content"

    Any idea??

    Thanks

    Monday, October 21, 2019 5:31 PM