'Preauthorization missing.' error when trying to get Access Token from Outlook AddIn

I am making an Outlook add-in in React and when trying to get the access token from OfficeRuntime, I get the following error:

This is the method I am trying to run:

    var bootToken = OfficeRuntime.auth.getAccessToken({
      allowSignInPrompt: true
    });

This is the error in the browser console:

    OSF.DDA.Error {name: 'Preauthorization missing.', message: 'Missing grant for this add-in.', code: 13005}
      code: 13005
      message: "Missing grant for this add-in."
      name: "Preauthorization missing."

This is my manifest.xml file:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bt="http://schemas.microsoft.com/office/officeappbasictypes/1.0" xmlns:mailappor="http://schemas.microsoft.com/office/mailappversionoverrides/1.0" xsi:type="MailApp">
  <Id>{AppId}</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Signator</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Signator Demo"/>
  <Description DefaultValue="Signator demo"/>
  <IconUrl DefaultValue="https://localhost:3000/assets/icon-64.png"/>
  <HighResolutionIconUrl DefaultValue="https://localhost:3000/assets/icon-128.png"/>
  <SupportUrl DefaultValue="https://www.contoso.com/help"/>
  <AppDomains>
    <AppDomain>https://www.contoso.com</AppDomain>
  </AppDomains>
  <Hosts>
    <Host Name="Mailbox"/>
  </Hosts>
  <Requirements>
    <Sets>
      <Set Name="Mailbox" MinVersion="1.1"/>
    </Sets>
  </Requirements>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="https://localhost:3000/taskpane.html"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
  <Rule xsi:type="RuleCollection" Mode="Or">
    <Rule xsi:type="ItemIs" ItemType="Message" FormType="Read"/>
  </Rule>
  <DisableEntityHighlighting>false</DisableEntityHighlighting>
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides" xsi:type="VersionOverridesV1_0">
    <Requirements>
      <bt:Sets DefaultMinVersion="1.3">
        <bt:Set Name="Mailbox"/>
      </bt:Sets>
    </Requirements>
    <Hosts>
      <Host xsi:type="MailHost">
        <DesktopFormFactor>
          <FunctionFile resid="Commands.Url"/>
          <ExtensionPoint xsi:type="MessageReadCommandSurface">
            <OfficeTab id="TabDefault">
              <Group id="msgReadGroup">
                <Label resid="GroupLabel"/>
                <Control xsi:type="Button" id="msgReadOpenPaneButton">
                  <Label resid="TaskpaneButton.Label"/>
                  <Supertip>
                    <Title resid="TaskpaneButton.Label"/>
                    <Description resid="TaskpaneButton.Tooltip"/>
                  </Supertip>
                  <Icon>
                    <bt:Image size="16" resid="Icon.16x16"/>
                    <bt:Image size="32" resid="Icon.32x32"/>
                    <bt:Image size="80" resid="Icon.80x80"/>
                  </Icon>
                  <Action xsi:type="ShowTaskpane">
                    <SourceLocation resid="Taskpane.Url"/>
                  </Action>
                </Control>
              </Group>
            </OfficeTab>
          </ExtensionPoint>
        </DesktopFormFactor>
      </Host>
    </Hosts>
    <Resources>
      <bt:Images>
        <bt:Image id="Icon.16x16" DefaultValue="https://localhost:3000/assets/icon-16.png"/>
        <bt:Image id="Icon.32x32" DefaultValue="https://localhost:3000/assets/icon-32.png"/>
        <bt:Image id="Icon.80x80" DefaultValue="https://localhost:3000/assets/icon-80.png"/>
      </bt:Images>
      <bt:Urls>
        <bt:Url id="Taskpane.Url" DefaultValue="https://localhost:3000/taskpane.html"/>
      </bt:Urls>
      <bt:ShortStrings>
        <bt:String id="GroupLabel" DefaultValue="Signator Add-in"/>
        <bt:String id="TaskpaneButton.Label" DefaultValue="Show Taskpane"/>
      </bt:ShortStrings>
      <bt:LongStrings>
        <bt:String id="TaskpaneButton.Tooltip" DefaultValue="Opens a pane displaying all available properties."/>
      </bt:LongStrings>
    </Resources>
    <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1" xsi:type="VersionOverridesV1_1">
      <Requirements>
        <bt:Sets DefaultMinVersion="1.3">
          <bt:Set Name="Mailbox"/>
        </bt:Sets>
      </Requirements>
      <Hosts>
        <Host xsi:type="MailHost">
          <DesktopFormFactor>
            <FunctionFile resid="Commands.Url"/>
            <ExtensionPoint xsi:type="MessageReadCommandSurface">
              <OfficeTab id="TabDefault">
                <Group id="msgReadGroup">
                  <Label resid="GroupLabel"/>
                  <Control xsi:type="Button" id="msgReadOpenPaneButton">
                    <Label resid="TaskpaneButton.Label"/>
                    <Supertip>
                      <Title resid="TaskpaneButton.Label"/>
                      <Description resid="TaskpaneButton.Tooltip"/>
                    </Supertip>
                    <Icon>
                      <bt:Image size="16" resid="Icon.16x16"/>
                      <bt:Image size="32" resid="Icon.32x32"/>
                      <bt:Image size="80" resid="Icon.80x80"/>
                    </Icon>
                    <Action xsi:type="ShowTaskpane">
                      <SourceLocation resid="Taskpane.Url"/>
                    </Action>
                  </Control>
                </Group>
              </OfficeTab>
            </ExtensionPoint>
          </DesktopFormFactor>
        </Host>
      </Hosts>
      <Resources>
        <bt:Images>
          <bt:Image id="Icon.16x16" DefaultValue="https://localhost:3000/assets/icon-16.png"/>
          <bt:Image id="Icon.32x32" DefaultValue="https://localhost:3000/assets/icon-32.png"/>
          <bt:Image id="Icon.80x80" DefaultValue="https://localhost:3000/assets/icon-80.png"/>
        </bt:Images>
        <bt:Urls>
          <bt:Url id="Taskpane.Url" DefaultValue="https://localhost:3000/taskpane.html"/>
        </bt:Urls>
        <bt:ShortStrings>
          <bt:String id="GroupLabel" DefaultValue="Signator Add-in"/>
          <bt:String id="TaskpaneButton.Label" DefaultValue="Show Taskpane"/>
        </bt:ShortStrings>
        <bt:LongStrings>
          <bt:String id="TaskpaneButton.Tooltip" DefaultValue="Opens a pane displaying all available properties."/>
        </bt:LongStrings>
      </Resources>
      <WebApplicationInfo>
        <Id>{AppId}</Id>
        <Resource>api://localhost:3000/{AppId}</Resource>
        <Scopes>
          <Scope>openid</Scope>
          <Scope>profile</Scope>
          <Scope>offline_access</Scope>
          <Scope>Files.Read.All</Scope>
          <Scope>User.Read</Scope>
          <Scope>email</Scope>
          <Scope>access_as_user</Scope>
        </Scopes>
      </WebApplicationInfo>
    </VersionOverrides>
  </VersionOverrides>
</OfficeApp>

This is my .env file:

CLIENT_ID=6fd14366-13ed-4a8d-8563-0f89e8428f43
GRAPH_URL_SEGMENT_=/me
NODE_ENV=development
PORT=3000
QUERY_PARAM_SEGMENT=
SCOPE=access_as_user

These are my API permissions: (screenshot: api permissions)

I have also declared a scope 'access_as_user', generated a client secret, added all possible client apps, enabled authorization and SSO, and set the app to be multi-tenant.

What could be the problem? Why do I get the error that 'Preauthorization is missing' (code 13005)?



Solution 1:[1]

Under Manage, select API permissions, and select Add a permission. On the panel that opens, choose Microsoft Graph, and then choose Delegated permissions. Please check your permissions and see if Files.Read.All is selected as an application type permission and if it needs to be changed to delegated.

Files.Read.All
offline_access
openid
profile
  • Please make sure to grant admin consent as an administrator. So please test in tenants where you have the admin role, and from there you can provide all the consents. When developing, you have to grant admin consent as described here.
  • Also try to use this URL and check to grant permissions for your app: https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}

    See Grant tenant-wide admin consent to an application - Azure AD | Microsoft Docs.

  • Please refer to Outlook-Add-in-SSO / Office-Add-in-samples · GitHub, which implements an outlook-add-in-sso-aspnet that uses Office's SSO feature to give the add-in access to Microsoft Graph data.
  • And check in the Authorized client applications section, and identify the applications that you want to authorize to your add-in's web application. Each of the following IDs needs to be pre-authorized:

For example, in the Authorized client applications section, enter the following ID to pre-authorize all Microsoft Office application endpoints: ea5a67f6-b6f3-4338-b240-c655ddc3cc8e (All Microsoft Office application endpoints)

The ID ea5a67f6-b6f3-4338-b240-c655ddc3cc8e pre-authorizes Office on all the following platforms.

Note: Alternatively, you can enter a proper subset of the following IDs if for any reason you want to deny authorization to Office on some platforms. Just leave out the IDs of the platforms from which you want to withhold authorization.

d3590ed6-52b3-4102-aeff-aad2292ab01c (Microsoft Office)
ea5a67f6-b6f3-4338-b240-c655ddc3cc8e (Microsoft Office)
57fb890c-0dab-4253-a5e0-7188c88b2bb4 (Office on the web)
08e18876-6177-487e-b8b5-cf950c1e598c (Office on the web)
bc59ab01-8403-45c6-8796-ac3ef710b3e3 (Outlook on the web)

For each ID, take these steps:

a. Select Add a client application button, and in the panel that opens, set the Client ID to the respective GUID and check the box for api://localhost:44355/$App ID GUID$/access_as_user.

b. Select Add application.

Please check these References:

  1. Register an Office Add-in that uses SSO with the Microsoft identity platform - Office Add-ins | Microsoft Docs & create-sso-office-add-ins-nodejs.
  2. oauth 2.0 - Error getting SSO in Outlook 365 web addin 13005. Preauthorization missing - Stack Overflow.

Another possible cause, during development, is that your add-in is using Internet Explorer, and you are using a self-signed certificate. (To determine which browser is being used by the add-in, see Browsers used by Office Add-ins.)

See Troubleshoot error messages for single sign-on (SSO) - Office Add-ins | Microsoft Docs

References:

  1. javascript - Outlook WEB Add-in execution of getAccessToken returns status code 302 - Stack Overflow
  2. Enable single sign-on (SSO) in an Office Add-in - Office Add-ins | Microsoft Docs

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 kavyasaraboju-MT
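
As an added example (not part of the original question or answer): an offline check of an app registration for the condition behind error 13005, using the Office client IDs listed in the answer. It assumes the registration is supplied in the Microsoft Graph `application` JSON shape; the function name, the sample object and its placeholder GUIDs are constructed for illustration.

```javascript
// Added example, not from the original post. Client IDs are those listed in the answer.
const ALL_OFFICE_ENDPOINTS = "ea5a67f6-b6f3-4338-b240-c655ddc3cc8e";
const OFFICE_CLIENTS = [
  "d3590ed6-52b3-4102-aeff-aad2292ab01c", // Microsoft Office
  ALL_OFFICE_ENDPOINTS,
  "57fb890c-0dab-4253-a5e0-7188c88b2bb4", // Office on the web
  "08e18876-6177-487e-b8b5-cf950c1e598c", // Office on the web
  "bc59ab01-8403-45c6-8796-ac3ef710b3e3", // Outlook on the web
];

// app: app registration in Microsoft Graph "application" shape (assumed input format).
// manifestResource: the <Resource> value from the add-in manifest.
function checkPreauthorization(app, manifestResource, scopeName = "access_as_user") {
  const findings = [];
  const api = app.api || {};
  if (!(app.identifierUris || []).includes(manifestResource)) {
    findings.push(`<Resource> ${manifestResource} is not an Application ID URI of the app`);
  }
  const scope = (api.oauth2PermissionScopes || []).find((s) => s.value === scopeName);
  if (!scope) {
    findings.push(`scope ${scopeName} is not exposed by the app`);
    return { ok: false, findings, missingClients: [...OFFICE_CLIENTS] };
  }
  // A client counts as pre-authorized only if its entry lists this scope's id;
  // an entry that exists but lists another scope's id does not count.
  const granted = new Set(
    (api.preAuthorizedApplications || [])
      .filter((p) => (p.delegatedPermissionIds || []).includes(scope.id))
      .map((p) => String(p.appId).toLowerCase())
  );
  const missingClients = granted.has(ALL_OFFICE_ENDPOINTS)
    ? []
    : OFFICE_CLIENTS.filter((id) => !granted.has(id));
  if (missingClients.length) {
    findings.push(`not pre-authorized for ${scopeName}: ${missingClients.join(", ")}`);
  }
  return { ok: findings.length === 0, findings, missingClients };
}

// Constructed sample; the app and scope GUIDs are placeholders.
const SCOPE_ID = "11111111-1111-1111-1111-111111111111";
const SAMPLE_APP = {
  identifierUris: ["api://localhost:3000/00000000-0000-0000-0000-000000000001"],
  api: {
    oauth2PermissionScopes: [{ id: SCOPE_ID, value: "access_as_user" }],
    preAuthorizedApplications: [
      { appId: OFFICE_CLIENTS[0], delegatedPermissionIds: [SCOPE_ID] },
      { appId: OFFICE_CLIENTS[4], delegatedPermissionIds: ["22222222-2222-2222-2222-222222222222"] },
    ],
  },
};
console.log(checkPreauthorization(SAMPLE_APP, SAMPLE_APP.identifierUris[0]));
```

A non-empty `missingClients` is expected when platforms were left out on purpose, as the answer's note describes; the check only reports which Office clients would not receive a token for the scope.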