Note: This sample was moved to the PnP-OfficeAddins repo and is located at https://github.com/OfficeDev/PnP-OfficeAddins/tree/main/Samples/auth/Office-Add-in-NodeJS-SSO
This repo is archived and no longer actively maintained. Security vulnerabilities may exist in the project, or its dependencies. If you plan to reuse or run any code from this repo, be sure to perform appropriate security checks on the code or dependencies first. Do not use this project as the starting point of a production Office Add-in. Always start your production code by using the Office/SharePoint development workload in Visual Studio, or the Yeoman generator for Office Add-ins, and follow security best practices as you develop the add-in.
The getAccessToken API in Office.js enables users who are signed into Office to get access to an AAD-protected add-in and to Microsoft Graph without needing to sign-in again.
There are three versions of the sample in this repo, one of which has its own README file:
- In the Begin folder is the starting point for the SSO walkthrough at at Create a Node.js Office Add-in that uses single sign-on. Please follow the instructions in the article.
- In the Complete folder is the completed sample you would have if you completed the walkthrough. To use this version, follow the instructions in the article Create a Node.js Office Add-in that uses single sign-on, but substitute "Complete" for "Begin" in those instructions and skip the sections Code the client-side and Code the server-side.
- In the SSOAutoSetup folder is essentially the same complete sample (with some slight differences in folder structure), but it contains a utility that will automate most of the registration and configuration. Instructions are in the README in that folder. Use this version if you would like to see a working SSO sample right away. However, we recommend that at some point you go through the manual process of registration and configuration that is documented in Create a Node.js Office Add-in that uses single sign-on, if you have never registered an app with AAD before. Doing so will give you a better understanding of what AAD does and the significance of the configuration steps.
These samples are built on Node.JS, Express, and Microsoft Authentication Library for JavaScript (msal.js).
Integrating data from online service providers increases the value and adoption of your add-ins. This code sample shows you how to connect your add-in to Microsoft Graph. Use this code sample to:
- Build an Add-in using Node.js, Express, msal.js, and Office.js.
- Connect to Microsoft Graph from an Office Add-in.
- Use the OneDrive REST APIs from Microsoft Graph.
- Use the Express routes and middleware to implement the OAuth 2.0 authorization framework in an add-in.
- See how to use the Single Sign-on (SSO) API.
- See how an add-in can fall back to an interactive sign-in in scenarios where SSO is not available.
- Use the msal.js library to implement a fallback authentication/authorization system that is invoked when Office SSO is not available.
- Show a dialog using the Office UI namespace when Office SSO is not available.
- Use add-in commands in an add-in.
- Excel on Windows (subscription)
- PowerPoint on Windows (subscription)
- Word on Windows (subscription)
To run this code sample, the following are required.
- A code editor. We recommend Visual Studio Code which was used to create the sample.
- A Microsoft 365 account which you can get by joining the Microsoft 365 Developer Program that includes a free 1 year subscription to Microsoft 365. During the preview phase, the SSO requires Microsoft 365 (which includes the subscription version of Office). You should use the latest monthly version and build from the Insiders channel. You need to be an Office Insider to get this version. For more information, see Be an Office Insider.
Note: When a build graduates to the production semi-annual channel, support for preview features, including SSO, is turned off for that build.
- At least a few files and folders stored on OneDrive for Business in your Microsoft 365 subscription.
- A Microsoft Azure Tenant. This add-in requires Azure Active Directory (AD). Azure AD provides identity services that applications use for authentication and authorization. A trial subscription can be acquired here: Microsoft Azure.
| Solution | Author(s) |
|---|---|
| Office Add-in Microsoft Graph ASP.NET | Microsoft |
| Version | Date | Comments |
|---|---|---|
| 1.0 | May 10, 2017 | Initial release |
| 1.0 | September 15, 2017 | Added support for 2FA. |
| 1.0 | December 8, 2017 | Added extensive error handling. |
| 1.0 | January 7, 2019 | Added information about web application security practices. |
| 2.0 | October 26, 2019 | Changed to use new API and added Display Dialog API fallback. |
| 2.1 | August 11, 2020 | Removed preview note because the API has released. |
THIS CODE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
Please go to the README in the Complete or SSOAutoSetup folder for the next steps.
These samples send a hardcoded query parameter on the URL for the Microsoft Graph REST API. If you modify this code in a production add-in and any part of query parameter comes from user input, be sure that it is sanitized so that it cannot be used in a Response header injection attack.
We'd love to get your feedback about this sample. You can send your feedback to us in the Issues section of this repository. Questions about developing Office Add-ins should be posted to Stack Overflow. Ensure your questions are tagged with [office-js] and [MicrosoftGraph].
Get a free sandbox, tools, and other resources you need to build solutions for the Microsoft 365 platform.
- Free developer sandbox Get a free, renewable 90-day Microsoft 365 E5 developer subscription.
- Sample data packs Automatically configure your sandbox by installing user data and content to help you build your solutions.
- Access to experts Access community events to learn from Microsoft 365 experts.
- Personalized recommendations Find developer resources quickly from your personalized dashboard.
Copyright (c) 2019 Microsoft Corporation. All rights reserved.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.