在 Outlook 365 Web 插件 13005 中获取 SSO 时出错。缺少预授权
Error getting SSO in Outlook 365 web addin 13005. Preauthorization missing
我正在开发一个 Outlook 加载项,并尝试获取 SSO 令牌来调用 Graph API。我参考了这个链接(Outlook addin SSO)来开发我的加载项。
我在 Azure AD(多租户)中注册了我的应用程序。
我按照文档一步步操作:
我向清单添加了版本覆盖
<!-- SSO section of the add-in manifest. Id is the Azure AD application (client) ID and
     Resource is the api:// URI of the add-in's web API; both are placeholders here.
     The opening <WebApplicationInfo> tag is not part of this excerpt. -->
<Id>Client_id-xxx-xxx</Id>
<Resource>api://localhost:44361/Client_id-xxx-xxx</Resource>
<!-- Scopes declared for the add-in; the same seven names appear in authConfig.scopes. -->
<Scopes>
<Scope>openid</Scope>
<Scope>offline_access</Scope>
<Scope>profile</Scope>
<Scope>Files.ReadWrite</Scope>
<Scope>Mail.Read</Scope>
<Scope>User.Read</Scope>
<Scope>email</Scope>
</Scopes>
</WebApplicationInfo>
authconfig.js
// Client-side OAuth settings: the app (client) ID, the page the sign-in flow
// redirects back to, and the space-separated list of scopes to request.
var authConfig = {
    clientId: "Client_id-xxx-xxx",
    redirectUrl: "https://localhost:44361/MessageRead.html",
    scopes: [
        "Files.ReadWrite",
        "Mail.Read",
        "openid",
        "offline_access",
        "profile",
        "email",
        "User.Read"
    ].join(" ")
};
Web.config
<!-- Server-side settings read by the add-in's web application; every value shown is a placeholder. -->
<appSettings>
<add key="ida:AppId" value="Client_Id_xx-xx" />
<add key="ida:Audience" value="Client_id_xx_xx" />
<!-- NOTE(review): ida:AppPassword looks like the app registration's client secret. Keep the
     real value out of source control and out of posted snippets; supply it from a secret
     store or per-environment configuration. -->
<add key="ida:AppPassword" value="app_Password" />
<add key="ida:RedirectUri" value="https://localhost:44361/MessageRead.html" />
<!-- The /common authority is not tied to one tenant, which fits the multi-tenant registration.
     NOTE(review): confirm the server-side token validation restricts issuer/tenant as intended. -->
<add key="ida:Authority" value="https://login.microsoftonline.com/common/oauth2/v2.0" />
</appSettings>
我也已为租户中的所有用户授予了管理员同意(admin consent)。(详见附件)
我的javascript代码:
// Startup hook assigned to Office.initialize: once the DOM is ready it hides the
// message banner and registers the Microsoft auth endpoint from authConfig.
Office.initialize = function (reason) {
    $(document).ready(function () {
        // When this page is loaded as the auth dialog (isAuthDialog() is true),
        // none of the UI setup below runs.
        if (OfficeHelpers.Authenticator.isAuthDialog()) {
            return;
        }

        // messageBanner and authenticator are assigned without a local declaration;
        // presumably they are declared elsewhere in the script (verify).
        var bannerNode = document.querySelector('.ms-MessageBanner');
        messageBanner = new fabric.MessageBanner(bannerNode);
        messageBanner.hideBanner();

        authenticator = new OfficeHelpers.Authenticator();
        var microsoftAuthOptions = {
            redirectUrl: authConfig.redirectUrl,
            scope: authConfig.scopes
        };
        authenticator.endpoints.registerMicrosoftAuth(authConfig.clientId, microsoftAuthOptions);
    });
};
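/**
 * Tries to obtain an Office SSO access token and save the current email with it,
 * falling back to the interactive sign-in flow when no token can be obtained.
 *
 * OfficeRuntime.auth.getAccessToken() returns a Promise that resolves to the token
 * string and rejects with an error object carrying a `code`. It takes no callback
 * and produces no `status`/`value` result object (that shape belongs to the older
 * Office.context.auth.getAccessTokenAsync API), so success is handled in `then`
 * and the SSO error codes are handled on the rejection path.
 *
 * @param {*} DataObj - Passed through unchanged to saveEmailWithSSO.
 */
function GetSSOToken(DataObj) {
    var attachmentIds = getAttechamentIdList();

    // Host without the SSO API: use the interactive flow instead of silently doing nothing.
    if (typeof OfficeRuntime === 'undefined' || OfficeRuntime.auth === undefined ||
        OfficeRuntime.auth.getAccessToken === undefined) {
        saveEmailWithPrompt(attachmentIds);
        return;
    }

    OfficeRuntime.auth.getAccessToken()
        .catch(function (error) {
            var code = error ? Number(error.code) : NaN;
            if (code !== 13005 && code !== 13007) {
                throw error;
            }
            console.log('error:', code);
            // 13005/13007: retry once and let Office show sign-in/consent prompts.
            // 13005 typically means Office is not pre-authorized for the add-in's web API
            // in the app registration; no prompt can repair that, so the fallback below
            // still has to work.
            return OfficeRuntime.auth.getAccessToken({
                allowConsentPrompt: true,
                allowSignInPrompt: true
            });
        })
        .then(function (token) {
            // The token is a bearer credential: hand it to the API call, never log it.
            saveEmailWithSSO(token, attachmentIds, DataObj);
        }, function (error) {
            // Could not get an SSO token: proceed with the authentication prompt.
            console.log('error:', error && error.code);
            saveEmailWithPrompt(attachmentIds);
        })
        .catch(function (error) {
            // Failures raised by the save helpers themselves end up here.
            console.log('in catch', error);
        });
}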
以上代码总是进入 catch 块,错误为 13005:缺少预授权(此加载项未获得授权)。
我参考了这个链接并做了修改:https://github.com/OfficeDev/office-js/issues/923
但那里类似问题的解决办法对我也不起作用。请问还可以做些什么来解决?
我分别使用全局管理员的 Outlook 帐户和来自外部租户的另一个用户运行了这段代码,但两种情况下都不起作用。
------更新----
经过一些尝试后,在登录时(使用 forceConsent / allowConsentPrompt 时)我可以看到这个错误。
已解决!经过几个小时的排查,我重新查阅文档后解决了这个错误。
我之前漏掉了 https://docs.microsoft.com/en-us/office/dev/add-ins/develop/register-sso-add-in-aad-v2
的第 12 步。
我正在开发一个 Outlook 加载项,并尝试获取 SSO 令牌来调用 Graph API。我参考了这个链接(Outlook addin SSO)来开发我的加载项。我在 Azure AD(多租户)中注册了我的应用程序,并按照文档一步步操作:
我向清单添加了版本覆盖
<!-- SSO section of the add-in manifest. Id is the Azure AD application (client) ID and
     Resource is the api:// URI of the add-in's web API; both are placeholders here.
     The opening <WebApplicationInfo> tag is not part of this excerpt. -->
<Id>Client_id-xxx-xxx</Id>
<Resource>api://localhost:44361/Client_id-xxx-xxx</Resource>
<!-- Scopes declared for the add-in; the same seven names appear in authConfig.scopes. -->
<Scopes>
<Scope>openid</Scope>
<Scope>offline_access</Scope>
<Scope>profile</Scope>
<Scope>Files.ReadWrite</Scope>
<Scope>Mail.Read</Scope>
<Scope>User.Read</Scope>
<Scope>email</Scope>
</Scopes>
</WebApplicationInfo>
authconfig.js
// Client-side OAuth settings: the app (client) ID, the page the sign-in flow
// redirects back to, and the space-separated list of scopes to request.
var authConfig = {
    clientId: "Client_id-xxx-xxx",
    redirectUrl: "https://localhost:44361/MessageRead.html",
    scopes: [
        "Files.ReadWrite",
        "Mail.Read",
        "openid",
        "offline_access",
        "profile",
        "email",
        "User.Read"
    ].join(" ")
};
Web.config
<!-- Server-side settings read by the add-in's web application; every value shown is a placeholder. -->
<appSettings>
<add key="ida:AppId" value="Client_Id_xx-xx" />
<add key="ida:Audience" value="Client_id_xx_xx" />
<!-- NOTE(review): ida:AppPassword looks like the app registration's client secret. Keep the
     real value out of source control and out of posted snippets; supply it from a secret
     store or per-environment configuration. -->
<add key="ida:AppPassword" value="app_Password" />
<add key="ida:RedirectUri" value="https://localhost:44361/MessageRead.html" />
<!-- The /common authority is not tied to one tenant, which fits the multi-tenant registration.
     NOTE(review): confirm the server-side token validation restricts issuer/tenant as intended. -->
<add key="ida:Authority" value="https://login.microsoftonline.com/common/oauth2/v2.0" />
</appSettings>
我也已为租户中的所有用户授予了管理员同意(admin consent)。(详见附件)
我的javascript代码:
// Startup hook assigned to Office.initialize: once the DOM is ready it hides the
// message banner and registers the Microsoft auth endpoint from authConfig.
Office.initialize = function (reason) {
    $(document).ready(function () {
        // When this page is loaded as the auth dialog (isAuthDialog() is true),
        // none of the UI setup below runs.
        if (OfficeHelpers.Authenticator.isAuthDialog()) {
            return;
        }

        // messageBanner and authenticator are assigned without a local declaration;
        // presumably they are declared elsewhere in the script (verify).
        var bannerNode = document.querySelector('.ms-MessageBanner');
        messageBanner = new fabric.MessageBanner(bannerNode);
        messageBanner.hideBanner();

        authenticator = new OfficeHelpers.Authenticator();
        var microsoftAuthOptions = {
            redirectUrl: authConfig.redirectUrl,
            scope: authConfig.scopes
        };
        authenticator.endpoints.registerMicrosoftAuth(authConfig.clientId, microsoftAuthOptions);
    });
};
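/**
 * Tries to obtain an Office SSO access token and save the current email with it,
 * falling back to the interactive sign-in flow when no token can be obtained.
 *
 * OfficeRuntime.auth.getAccessToken() returns a Promise that resolves to the token
 * string and rejects with an error object carrying a `code`. It takes no callback
 * and produces no `status`/`value` result object (that shape belongs to the older
 * Office.context.auth.getAccessTokenAsync API), so success is handled in `then`
 * and the SSO error codes are handled on the rejection path.
 *
 * @param {*} DataObj - Passed through unchanged to saveEmailWithSSO.
 */
function GetSSOToken(DataObj) {
    var attachmentIds = getAttechamentIdList();

    // Host without the SSO API: use the interactive flow instead of silently doing nothing.
    if (typeof OfficeRuntime === 'undefined' || OfficeRuntime.auth === undefined ||
        OfficeRuntime.auth.getAccessToken === undefined) {
        saveEmailWithPrompt(attachmentIds);
        return;
    }

    OfficeRuntime.auth.getAccessToken()
        .catch(function (error) {
            var code = error ? Number(error.code) : NaN;
            if (code !== 13005 && code !== 13007) {
                throw error;
            }
            console.log('error:', code);
            // 13005/13007: retry once and let Office show sign-in/consent prompts.
            // 13005 typically means Office is not pre-authorized for the add-in's web API
            // in the app registration; no prompt can repair that, so the fallback below
            // still has to work.
            return OfficeRuntime.auth.getAccessToken({
                allowConsentPrompt: true,
                allowSignInPrompt: true
            });
        })
        .then(function (token) {
            // The token is a bearer credential: hand it to the API call, never log it.
            saveEmailWithSSO(token, attachmentIds, DataObj);
        }, function (error) {
            // Could not get an SSO token: proceed with the authentication prompt.
            console.log('error:', error && error.code);
            saveEmailWithPrompt(attachmentIds);
        })
        .catch(function (error) {
            // Failures raised by the save helpers themselves end up here.
            console.log('in catch', error);
        });
}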
以上代码总是进入 catch 块,错误为 13005:缺少预授权(此加载项未获得授权)。
我参考了这个链接并做了修改:https://github.com/OfficeDev/office-js/issues/923 但那里类似问题的解决办法对我也不起作用。请问还可以做些什么来解决?
我分别使用全局管理员的 Outlook 帐户和来自外部租户的另一个用户运行了这段代码,但两种情况下都不起作用。
------更新----
经过一些尝试后,我在登录时(使用 forceConsent / allowConsentPrompt 时)可以看到这个问题。
已解决!经过几个小时的排查,我重新查阅文档后解决了这个错误。
我之前忽略了这篇文档:https://docs.microsoft.com/en-us/office/dev/add-ins/develop/register-sso-add-in-aad-v2