问题
I strictly follow this article to build an Outlook WEB Add-in, but when I execute getAccessToken I receive 302:
Missing grant for this add-in.
with name:
Preauthorization missing
Why is that? My Add-in is well registered in the portal. Do I need to do anything else? What is the grant type for this request and where should I put it in?
$("#getAccessTokenBtn").click(function () {
Office.context.auth.getAccessTokenAsync(function (result) {
if ("succeeded" === result.status) {
// Use this token to call Web API
var ssoToken = result.value;
} else {
if (13003 === result.error.code) {
// SSO is not supported for domain user accounts, only
// work or school (Office 365) or Microsoft Account IDs.
} else {
// Handle error
}
}
});
});
This is my manifest:
<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1" xsi:type="VersionOverridesV1_1">
<Requirements>
<bt:Sets DefaultMinVersion="1.3">
<bt:Set Name="Mailbox" />
</bt:Sets>
</Requirements>
<Hosts>
<Host xsi:type="MailHost">
...
</Host>
</Hosts>
<Resources>
...
</Resources>
<WebApplicationInfo>
<Id>94x668mb-461c-4r4e-851n-fb9721222e31</Id>
<Resource>api://localhost:44374/94x668mb-461c-4r4e-851n-fb9721222e31</Resource>
<Scopes>
<Scope>profile</Scope>
<Scope>user.read</Scope>
</Scopes>
</WebApplicationInfo>
</VersionOverrides>
I found the troubleshooting page that suggests for error 13005 the following:
13005 Invalid Grant. This usually means that Office has not been pre-authorized to the add-in's web service. For more information, see Create the service application and Register the add-in with Azure AD v2.0 endpoint (ASP.NET) or Register the add-in with Azure AD v2.0 endpoint (Node JS). This also may happen if the user has not granted your service application permissions to their profile.
What does that even mean?
Before I ask for Access Token, should I consent following this documentation, by just navigating to the the URL below?
https://login.microsoftonline.com/common/adminconsent?client_id=94x668mb-461c-4r4e-851n-fb9721222e31
回答1:
Yes. When developing, you have to grant admin consent as described here.
Another possibility for why you are getting that error is that you haven't preauthorized Outlook to the addin. When you register the add-in with AAD 2.0, be sure that you've done step 10 of this article: Register SSO add-in with AAD 2.0. Finally, if you haven't already, check out this article for any special factors that apply to Outlook addins: Authenticate (Outlook) user with an SSO token
来源:https://stackoverflow.com/questions/50676796/outlook-web-add-in-execution-of-getaccesstoken-returns-status-code-302