在 Outlook 365 Web 插件 13005 中获取 SSO 时出错.缺少预授权 [英] Error getting SSO in Outlook 365 web addin 13005. Preauthorization missing
问题描述
我正在开发一个 Outlook 插件,我正在尝试获取 SSO 令牌以调用 Graph API.我指的是这个链接来开发我的插件
我的 JavaScript 代码:
Office.initialize = 函数(原因){//console.log("In Office.initialize ", reason);$(document).ready(function () {//console.log("In Office.ready ");如果 (OfficeHelpers.Authenticator.isAuthDialog()) 返回;var element = document.querySelector('.ms-MessageBanner');messageBanner = new fabric.MessageBanner(element);messageBanner.hideBanner();验证器 = 新的 OfficeHelpers.Authenticator();authenticationator.endpoints.registerMicrosoftAuth(authConfig.clientId, {重定向网址:authConfig.redirectUrl,范围:authConfig.scopes});//loadProps();});};函数 GetSSOToken(DataObj) {varattachmentIds = getAtchementIdList();//if (Office.context.auth !== undefined && Office.context.auth.getAccessToken !== undefined) {if (OfficeRuntime.auth !== undefined && OfficeRuntime.auth.getAccessToken !== undefined) {OfficeRuntime.auth.getAccessToken().then(function (result) {如果(result.status ===成功"){//无需提示用户,使用此令牌调用Web APIsaveEmailWithSSO(result.value,attachmentIds,DataObj);} else if (result.error.code == 13007 || result.error.code == 13005) {console.log('error:', result.error.code);//这些错误代码表示我们需要提示同意//Office.context.auth.getAccessTokenAsync({ forceConsent: true }, function (result) {OfficeRuntime.auth.getAccessToken({ allowConsentPrompt: true, allowSignInPrompt: true }, function (result) {如果(result.status ===成功"){console.log('AccessToken:', result.value);saveEmailWithSSO(result.value,attachmentIds,DataObj);} 别的 {//无法获取 SSO 令牌,继续进行身份验证提示console.log('in with prompt else1 ');//console.log('error:', result.error.code);saveEmailWithPrompt(attachmentIds);}});} 别的 {//无法获取 SSO 令牌,继续进行身份验证提示console.log('in with prompt else2 ');console.log('error:', result.error.code);saveEmailWithPrompt(attachmentIds);}}).catch(函数(错误){console.log('in catch', error);});}上面的代码总是在 Catch 块中结束,错误 13005,缺少预授权,缺少此插件的授权.
我也参考了此链接并对其进行了更改 我可以看到这个错误
已解决!经过数小时的头脑风暴,我能够通过再次修改文档来解决这个错误.我忽略了
I am working upon an outlook add-in and I am trying to get SSO token to call Graph API. I am referring this link to develop my addin Outlook addin SSO. I registered my App in Azure AD (multi-tenant). and followed everything step by step
I added version override to Manifest
<Id>Client_id-xxx-xxx</Id>
<Resource>api://localhost:44361/Client_id-xxx-xxx</Resource>
<Scopes>
<Scope>openid</Scope>
<Scope>offline_access</Scope>
<Scope>profile</Scope>
<Scope>Files.ReadWrite</Scope>
<Scope>Mail.Read</Scope>
<Scope>User.Read</Scope>
<Scope>email</Scope>
</Scopes>
</WebApplicationInfo>
authconfig.js
var authConfig = {
clientId:"Client_id-xxx-xxx",
scopes: "Files.ReadWrite Mail.Read openid offline_access profile email User.Read",
redirectUrl: "https://localhost:44361/MessageRead.html"
};
Web.config
<appSettings>
<add key="ida:AppId" value="Client_Id_xx-xx" />
<add key="ida:Audience" value="Client_id_xx_xx" />
<add key="ida:AppPassword" value="app_Password" />
<add key="ida:RedirectUri" value="https://localhost:44361/MessageRead.html" />
<add key="ida:Authority" value="https://login.microsoftonline.com/common/oauth2/v2.0" />
</appSettings>
I have granted the admin consent to all users in the tenant as well. (see attachment)
My javascript code :
Office.initialize = function (reason) {
// console.log("In Office.initialize ", reason);
$(document).ready(function () {
// console.log("In Office.ready ");
if (OfficeHelpers.Authenticator.isAuthDialog()) return;
var element = document.querySelector('.ms-MessageBanner');
messageBanner = new fabric.MessageBanner(element);
messageBanner.hideBanner();
authenticator = new OfficeHelpers.Authenticator();
authenticator.endpoints.registerMicrosoftAuth(authConfig.clientId, {
redirectUrl: authConfig.redirectUrl,
scope: authConfig.scopes
});
//loadProps();
});
};
function GetSSOToken(DataObj) {
var attachmentIds = getAttechamentIdList();
//if (Office.context.auth !== undefined && Office.context.auth.getAccessToken !== undefined) {
if (OfficeRuntime.auth !== undefined && OfficeRuntime.auth.getAccessToken !== undefined) {
OfficeRuntime.auth.getAccessToken().then(function (result) {
if (result.status === "succeeded") {
// No need to prompt user, use this token to call Web API
saveEmailWithSSO(result.value, attachmentIds, DataObj);
} else if (result.error.code == 13007 || result.error.code == 13005) {
console.log('error:', result.error.code);
// These error codes indicate that we need to prompt for consent
// Office.context.auth.getAccessTokenAsync({ forceConsent: true }, function (result) {
OfficeRuntime.auth.getAccessToken({ allowConsentPrompt: true, allowSignInPrompt: true }, function (result) {
if (result.status === "succeeded") {
console.log('AccessToken:', result.value);
saveEmailWithSSO(result.value, attachmentIds, DataObj);
} else {
// Could not get SSO token, proceed with authentication prompt
console.log('in with prompt else1 ');
// console.log('error:', result.error.code);
saveEmailWithPrompt(attachmentIds);
}
});
} else {
// Could not get SSO token, proceed with authentication prompt
console.log('in with prompt else2 ');
console.log('error:', result.error.code);
saveEmailWithPrompt(attachmentIds);
}
}).catch(function (error) {
console.log('in catch', error);
});
}
the above code is always ending up in Catch block with error 13005, Missing Preauthorization, Missing grant for this addin.
I have referred and made changes from this link also https://github.com/OfficeDev/office-js/issues/923 even the similar questions here could not resolve it. Please suggest what else could be done to resolve.
I am trying to run this code with a global admin's outlook account and another user from outside tenant. but not working in both the cases.
------update----
After some work around I am able to see this issue in sign in (while using forceConsent allowConsentPrompt) I can see this error
Solved ! After hours of brainstorming , I am able to resolve this error by revisting the document again. I overlooked step 12 of
这篇关于在 Outlook 365 Web 插件 13005 中获取 SSO 时出错.缺少预授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
