Hi @BetterSolutions.com ,
The OfficeRuntime.auth.getAccessToken() API gives you an SSO token from Office for the currently signed in user. The advantage is that a user only needs to sign in once (to Office.) Then when your add-in is loaded you can reuse that token without requiring the user to sign in again.
However the SSO token cannot be used to access Microsoft Graph from an SPA web app. It requires you to use the On-Behalf-Of (OBO) flow on your web server to get a Graph token that only your web server can use. So for SPA you would need to use something like @azure/msal-browser to call Graph APIs from your client code in the browser.
You can call getAccessToken from an SPA web app and get the SSO token. It is an identity token with information about the signed in user. But you have to use the OBO flow and make calls to Microsoft Graph from your web server. There's more information about this workflow at Authorize to Microsoft Graph with SSO
Hope this helps!