SSO works with side loaded manifest, but not from the office store

Gregory Lee 20 Reputation points

I'm trying to integrate Microsoft SSO into an Office Addin. I have this code:

  const middletierToken: string = await OfficeRuntime.auth.getAccessToken({
            allowSignInPrompt: true,
            allowConsentPrompt: true,
            forMSGraphAccess: true,

This code works when I side load the manifest, and I can access my users' MSGraph info. However, with the manifest from the app store, this call fails with an error 13012. What am I doing wrong?

As a side note, if I set:

forMSGraphAccess: false

the call works for the app store manifest, and I can actually use that token to access MSGraph. However, then the consent screen for MS Graph doesn't show up, so my users who haven't already consented are locked out.

A suite of Microsoft productivity software that supports common business tasks, including word processing, email, presentations, and data management and analysis.
1,004 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,606 questions
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 29,856 Reputation points Microsoft Employee

    @Gregory Lee ,

    This is expected behavior if you are using forMSGraphAccess: true with the side-loaded add-in.

    You can set forMSGraphAccess: false and call the getaccesstoken() and you will no longer see the 13012 error.

    Otherwise you need to deploy the add-in via the admin center if you are using forMSGraphAccess: true

    If you still run into any issues, I would recommend reaching out on the Office forums for assistance.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.

    0 comments No comments

0 additional answers

Sort by: Most helpful