How to retrieve cookie from MS-OFBA inside Word Document

Connor Shore 0 Reputation points
2023-09-26T16:44:46.1133333+00:00

Hello I have a question about retrieving the cookie received via MS-OFBA from the Word document itself. Currently in our application, the user selects "Update" on the document they would like to edit, this triggers the document to open locally and then they are prompted with an SSO sign in. Upon signing in the document fully opens on the user's machine for editing. I'm curious if there is a way to get access to the cookie received via the SSO in the Word document.

Here is the flow mentioned from the dev team who implemented the SSO:

  1. Frontend redirects the user to ms-word:ofe|u|https://{manager-domain}/api/exposed/path/to/document.docxms-word:ofe|u| does all the magic and opens the Word document on the local computer.
  2. Then Word opens and the first thing it does is send an OPTIONS request without any tokens, cookies or anything else to the specified address
  3. In response to this, Manager returns 403 to the Word and tells the Word where to pull the user login form from using special headers
  4. Word is able to recognize such headers in the response, pulls out the form and displays the html for the user
  5. Then the user logs in according to the form and at the end receives a Set-Cookie header in response (In the case of non-SSO, the user receives an Authorization cookie and in case of SSO they get JSESSIONID cookie)
  6. As a result, Word remembers this cookie and starts sending it with every request, and thus we make sure that the user has access to Manager.

We also have a plugin for Word we created with the Office COM API (C#) and when we try to process a document it fails when trying to retrieve the contents of the template due to a 403 and Word not using the cookie.

Overall, is there a way, once the SSO login has finished, to get the cookie received from the SSO in the Word document itself via the COM API or is there no possible way to get and store that cookie on our end? We need this cookie at the COM API level to be used by our ribbon plugin.

Thanks,

Connor

Office Development
Office Development
Office: A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.Development: The process of researching, productizing, and refining new or existing technologies.
3,910 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.