NAA fails with a "ServerError" in Mac #5209
Comments
Hi @barclayadam, You need to request at least one Microsoft Graph scope or a scope to your own resource. You only listed openid and profile. These are for the ID token, but you also need to request scopes for an access token. You may see this request work in some platforms but it won't work on all. MSAL requires you to request an access token. For more info, see FAQ tokens section. Cheers,
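The scope requirement from the reply above, written as a pre-flight check that runs before any token call. This is an added example, not code from the thread or from MSAL. The names `checkNaaScopes` and `resourceOf`, the treatment of unqualified scope names as Microsoft Graph, and the placeholder client ID are assumptions of the example. The one-resource-per-request check goes beyond the case discussed in the thread.

```javascript
// Added example: validate the scopes of an NAA token request up front.
// OIDC scopes only shape the ID token; on their own they yield no access token.
const OIDC_SCOPES = new Set(["openid", "profile", "email", "offline_access"]);

// Derive the resource a scope belongs to. Unqualified names such as
// "User.Read" are treated as Microsoft Graph (assumption of this example).
function resourceOf(scope) {
  const idx = scope.lastIndexOf("/");
  if (idx <= 0) return "https://graph.microsoft.com";
  return scope.slice(0, idx).toLowerCase();
}

function checkNaaScopes(scopes) {
  const seen = new Set();
  const oidc = [];
  const resource = [];
  for (const raw of scopes || []) {
    const s = String(raw).trim();
    const key = s.toLowerCase();
    if (!s || seen.has(key)) continue; // skip blanks and duplicates
    seen.add(key);
    (OIDC_SCOPES.has(key) ? oidc : resource).push(s);
  }
  const resources = [...new Set(resource.map(resourceOf))];
  const problems = [];
  if (resource.length === 0) {
    problems.push("no access-token scope: add a Microsoft Graph scope or a scope for your own API");
  }
  if (resources.length > 1) {
    problems.push("scopes span several resources: request one resource per token call");
  }
  return { ok: problems.length === 0, oidc, resource, resources, problems };
}

// Constructed sample inputs; the client ID is a placeholder.
const API_SCOPE = "api://00000000-0000-0000-0000-000000000000/access_as_user";
const samples = [
  ["openid", "profile"],            // the request from this issue
  ["openid", "profile", API_SCOPE], // custom API scope route
  ["User.Read", API_SCOPE],         // two resources in one request
];
for (const s of samples) console.log(JSON.stringify(checkNaaScopes(s)));
```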
Thank you for your response @davidchesnut, I'm looking into this now. I have no need for any Graph scopes, this is purely for identifying the user so looks like I need to go the custom API scope route. This does bring up a few bigger issues that I seem to keep running into with Outlook add-ins:
These problems sap development and testing time, making working with Outlook add-ins at times frustrating and really unproductive.
Hi @davidchesnut, Can I skip the consent popup in any way? Right now all of our installs across tens of thousands of users authenticate completely silently. With the change to NAA we will suddenly be popping up a window, without warning (most of our user base would have, in essence, no idea we even exist as an add-in as we silently provide them a signature) asking for consent. When using the "other" SSO method, we could pre-authorize the Outlook client application to avoid the need for consent, but it appears as the request is now actually made for our own application this would not be possible.
Hi @barclayadam, Yes you can get admin consent up front and that way users won't get prompted. We just published an article on different ways to get admin consent here: Publish an add-in that requires admin consent for Microsoft Graph scopes. For error handling in MSAL.js I recommend taking a look at Handle errors and exceptions in MSAL.js. There's good info about getting to the additional details of an error. Thanks for the feedback! I encourage you to share this feedback in the https://github.com/AzureAD/microsoft-authentication-library-for-js repo for the msal-browser team to see. Thanks!
This issue has been automatically marked as stale because it is marked as needing author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. Thank you for your interest in Office Add-ins!
Using NAA on a Mac results in an error being thrown that provides no useful information:
Those logs above are from our add-in that works in OWA, New Outlook and Classic Outlook Task pane (#5208 for a different NAA related issue).
Because the failure appears to be server-side the user will constantly see a popup dialog that never works, we fall back to legacy tokens (for now), and the cycle starts again.
In addition to fixing this bug, any recommendations for handling a situation like this? When NAA simply does not work at all. How should we skip this bad user experience?
Your Environment
Expected behavior
NAA works in Mac
Current behavior
As per description above we get a "ServerError" with no further diagnostic information when attempting to acquire a token.
Steps to reproduce
The below code is how we attempt to acquire a token. This code works on other platforms.
Thank you for taking the time to report an issue. Our triage team will respond to you in less than 72 hours. Normally, response time is <10 hours Monday through Friday. We do not triage on weekends.