This repository contains the source code used by the Yo Office generator when you create a new Office Add-in that appears in the task pane. You can also use this repository as a sample to base your own project from if you choose not to use the generator.
This sample shows how to use MSAL.js nested app authentication (NAA) in an Office Add-in to access Microsoft Graph APIs for the signed in user. The sample displays the signed in user's name and email. It also inserts the names of files from the user's Microsoft OneDrive account into the document.
IMPORTANT: Nested app authentication is currently in preview. To try this feature you need to join the Microsoft 365 Insider Program and choose the Beta Channel. Don't use NAA in production add-ins. We invite you to try out NAA in test or development environments and welcome feedback on your experience through GitHub (see https://github.com/OfficeDev/office-js/issues).
- Use MSAL.js NAA to get an access token to call Microsoft Graph APIs.
- Use MSAL.js NAA to get information about the user signed in to Office.
- Word, Excel, and PowerPoint on Windows build 16.0.17531.20000 or later.
- Word, Excel, and PowerPoint on Mac build 16.85.24040319 or later.
- Office connected to a Microsoft 365 subscription (including Office on the web).
- You need to join the Microsoft 365 Insider Program to use the NAA preview features. Choose the Beta Channel insider level.
- Node.js version 16 or greater.
- npm version 8 or greater.
-
Go to the Azure portal - App registrations page to register your app.
-
Sign in with the admin credentials to your Microsoft 365 tenancy. For example, [email protected].
-
Select New registration. On the Register an application page, set the values as follows.
- Set Name to
Office-Add-in-SSO-NAA
. - Set Supported account types to Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
- In the Redirect URI section, ensure that Single-page application (SPA) is selected in the drop down and then set the URI to
brk-multihub://localhost:3000
. - Select Register.
- Set Name to
-
On the Office-Add-in-SSO-NAA page, copy and save the value for the Application (client) ID. You'll use it in the next section.
For more information on how to register your application, see Register an application with the Microsoft Identity Platform.
- Clone or download this repository.
- From the command line, or a terminal window, go to the root folder of this sample at
/samples/auth/Office-Add-in-SSO-NAA
. - Open the
src/taskpane/authConfig.ts
file. - Replace the placeholder "Enter_the_Application_Id_Here" with the Application ID that you copied.
- Save the file.
- Run the following commands.
npm install
npm run start
This will start the web server and sideload the add-in to Excel.
- In Excel, look for the Show task pane button and select it.
- When the task pane opens, there are two buttons: Get user data and Get user files.
- To see the signed in user's name and email, select Get user data.
- To insert the first 10 filenames from the signed in user's Microsoft OneDrive, select Get user files.
You'll be prompted to consent to the scopes the sample needs when you select the buttons.
If you want to choose Word or PowerPoint, modify the start
command in the package.json
file to match one of the following entries.
- For Word:
"start": "office-addin-debugging start manifest.xml desktop --app word",
- For PowerPoint:
"start": "office-addin-debugging start manifest.xml desktop --app powerpoint",
You can also debug the sample by opening the project in VS Code.
- Select the Run and Debug icon in the Activity Bar on the side of VS Code. You can also use the keyboard shortcut Ctrl+Shift+D.
- Select the launch configuration you want from the Configuration dropdown in the Run and Debug view. For example, Word Desktop (Edge Chromium).
- Start your debug session with F5, or Run > Start Debugging.
For more information on debugging with VS Code, see Debugging. For more information on debugging Office Add-ins in VS Code, see Debug Office Add-ins on Windows using Visual Studio Code and Microsoft Edge WebView2 (Chromium-based)
The src/taskpane/authConfig.ts
file contains the MSAL code for configuring and using NAA. It contains a class named AccountManager which manages getting user account and token information.
- The
initialize
function is called from Office.onReady to configure and intitialize MSAL to use NAA. - The
ssoGetToken
function gets an access token for the signed in user to call Microsoft Graph APIs. - The
ssoGetUserIdentity
function gets the account information of the signed in user. This can be used to get user details such as name and email.
The src/taskpane/document.ts
file contains code to write a list of file names, retrieved from Microsoft Graph, into the document. This works for Word, Excel, and PowerPoint documents.
The src/taskpane/taskpane.ts
file contains code that runs when the user chooses buttons in the task pane. They use the AccountManager class to get tokens or user information depending on which button is chosen.
The src/taskpane/msgraph-helper.ts
file contains code to construct and make a REST call to the Microsoft Graph API.
If you find a security issue with our libraries or services, report the issue to [email protected] with as much detail as you can provide. Your submission may be eligible for a bounty through the Microsoft Bounty program. Don't post security issues to GitHub Issues or any other public site. We'll contact you shortly after receiving your issue report. We encourage you to get new security incident notifications by visiting Microsoft technical security notifications to subscribe to Security Advisory Alerts.
- Did you experience any problems with the sample? Create an issue and we'll help you out.
- We'd love to get your feedback about this sample. Go to our Office samples survey to give feedback and suggest improvements.
- For general questions about developing Office Add-ins, go to Microsoft Q&A using the office-js-dev tag.
Copyright (c) 2024 Microsoft Corporation. All rights reserved.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.