getAccessToken failing for sideloaded Outlook Add-In, then working, then failing again

Hi @Alexander Pavlov

First, I’d like to clarify that this is a user‑to‑user support forum. Moderators participating here do not have access to backend systems, nor can we directly intervene in Microsoft product functionality. Our role is limited to providing technical guidance and sharing best‑practice recommendations based on reported issues, requests, and scenarios.      

As your description, this issue might relate to a configuration-related Single Sign-On (SSO) error in the Outlook add-in (error code 13004 – Invalid Resource URL).  This issue occurs when the resource identifier defined in the add-in manifest does not exactly match the add-in domain and the Application ID URI configured in Microsoft Entra ID (Azure AD). In such cases, Outlook is unable to issue an access token and blocks authentication. The add-in may appear to work temporarily due to cached configuration, but it will fail again once Outlook revalidates the SSO metadata. 

To troubleshoot it, you could try to ensure the add-in manifest <WebApplicationInfo><Resource>) and the Entra ID App Registration Application ID URI are fully aligned and use the same domain.  After correcting the configuration, the add-in must be removed and sideloaded again to apply the changes. 

You can refer via: Troubleshoot error messages for legacy Office single sign-on (SSO) - Office Add-ins | Microsoft Lea… 

Regarding the issue where the Outlook Add‑in panel temporarily lost all add‑ins, I have found that this behavior might be related to a recent Microsoft service change affecting Exchange Web Services (EWS). 

Specifically, following a recent service flight rollback on Microsoft’s side, the availability and loading of Office Add‑Ins temporarily depended on EWS being enabled at either the organization or mailbox level. During this period, some Outlook add‑ins did not appear or failed to load correctly, even though no changes were made on your side. 

You can refer more via: Office Add-ins known issues - Office Add-ins | Microsoft Learn 

Please note that this summary is based on my own findings and may not fully address your concerns. To resolve this, Microsoft’s support team will need to step in. A technical support engineer can perform a remote session to investigate the situation, verify the backend configurations, and run any necessary synchronization tools to resolve the problem. If the issue requires further attention, they can escalate it to a specialized team for deeper analysis.    

Reference: Get support - Microsoft 365 admin | Microsoft Learn 

Note: To create a support ticket, you need to have Microsoft 365 admin privileges and if you aren’t admin of your organization, please contact the admin of creating a new ticket.  Apologies for redirecting you to the related development team support. As moderators in this community, we do not have access to your specific tenant configuration, and my testing environment is limited. Therefore, my guidance is based on available Microsoft documentation and resources. That said, I’ll do my best to provide additional insight where possible.  

Please understand that our initial reply may not always immediately resolve the issue. However, with your help and more detailed information, we can work together to find a solution. 

Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread. 

I've been able to narrow the problem down to where the user is simultaneously logged in, in the same browser, into an Outlook with a commercial corporate O365 account, as well as a developer account with onmicrosoft.com. When opening an add-in in Outlook for the onmicrosoft.com account, this error happens: the request to login.microsoftonline.com/organizations/oauth2/v2.0/authorize is HTTP 302-redirected to outlook.cloud.microsoft/mail/``spaExtSSO.html with fragment containing string #error=login_required&error_description=AADSTS50058%3a+A+silent+sign-in+request+was+sent+but+no+user+is+signed+in.+The+cookies+used+to+represent+the+user%27s+session+were+not+sent+in+the+request+to+Azure+AD.+...
after which the exception described in the question fires in getAccessToken(). In Firefox, a browser popup window flashes momentarily and closes. If I log out of all accounts and log in only to the onmicrosoft.com account, the token is returned without problems.
I still at loss why it says "no user is signed in" about the account I am actually logged into, or why I cannot select the necessary account out of the two I am logged into.