Authorize to Microsoft Graph from an Office Add-in
Your add-in can get authorization to Microsoft Graph data by obtaining an access token to Microsoft Graph from the Microsoft identity platform. Use either the Authorization Code flow or the Implicit flow just as you would in other web applications but with one exception: The Microsoft identity platform doesn't allow its sign-in page to open in an iframe. When an Office Add-in is running in Office on the web, the task pane is an iframe. This means you'll need to open the sign-in page in a dialog box by using the Office dialog API. This affects how you use authentication and authorization helper libraries. For more information, see Authentication with the Office dialog API.
Note
If you're implementing SSO and plan to access Microsoft Graph, see Authorize to Microsoft Graph with SSO.
For information about programming authentication using the Microsoft identity platform, see Microsoft identity platform documentation. You'll find tutorials and guides in that documentation set, as well as links to relevant samples. Once again, you may need to adjust the code in the samples to run in the Office dialog box to account for the Office dialog box that runs in a separate process from the task pane.
After your code obtains the access token to Microsoft Graph, either it passes the access token from the dialog box to the task pane, or it stores the token in a database and signals the task pane that the token is available. (See Authentication with the Office dialog API for details.) Code in the task pane requests data from Microsoft Graph and includes the token in those requests. For more information about calling Microsoft Graph and the Microsoft Graph SDKs, see Microsoft Graph documentation.
Recommended libraries and samples
We recommend that you use the following libraries when accessing Microsoft Graph.
- For add-ins using a server-side with a .NET-based framework such as .NET Core or ASP.NET, use MSAL.NET.
- For add-ins using a NodeJS-based server-side, use Passport Azure AD.
- For add-ins using the Implicit flow, use msal.js.
For more information about recommended libraries for working with Microsoft Identity Platform (formerly AAD v.2.0), see Microsoft identity platform authentication libraries.
The following samples get Microsoft Graph data from an Office Add-in.
- Office Add-in Microsoft Graph ASP.NET
- Outlook Add-in Microsoft Graph ASP.NET
- Office Add-in Microsoft Graph React
Google Chrome 3rd party cookie support
Google Chrome is phasing out 3rd party cookies in 2024 and introducing a feature named Tracking Prevention. If Tracking Prevention is enabled in the Chrome browser, your add-in will not be able to use any 3rd party cookies. Your add-in may encounter issues when authenticating the user, such as multiple sign-on requests, or errors.
For improved authentication experiences, see Using device state for an improved SSO experience on browsers with blocked third-party cookies.
For more information about the Google Chrome rollout, see the following resources:
Office Add-ins
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for