Using Social Logins in an Office App

Question

I'm building an Office App app that integrates with a few different social logins. Playing around with a POC and it becomes clear that the redirects / new windows opened by SSO's like Office 365 / Facebook are a blocker as they don't return back to the window (the login confirmations etc) that opened them (the office app). Is there any way of ensuring that any new window is rendered inside the Office app container rather than a new window?

Related Questions

• Outlook App - ADAL Authentication - AADSTS90056: This endpoint only accepts POST requests
• https://social.msdn.microsoft.com/Forums/office/en-US/e941096a-5e57-4e61-85fb-63ba33cd68ca/aadsts90056-this-endpoint-only-accepts-post-requests?forum=azureapimgmt

Answer 1

As I wrote there, because of security constraints you cannot implement the OAUTH flow within the addin sandboxed iFrame, so the popup window is a necessary workaround.

Here is the best solution to achieve the OAUTH flow in popup and it explains clearly the problem and why popups are a necessary evil.

Microsoft is well aware of the problem and has started to work on a dialogAPI that avoid popup window (that may be turned off). This dialogAPI has been created for that purpose but is only available for Office Desktop. If you want to support all clients (including web clients) then you need a fallback solution relying on popups.

Some more links on the Office add-in sandboxed iFrame OAUTH problems:

• an msdn thread
• another one that deals with the difference of IE mode (and then cookie store) when it is started as a popup by Office Desktop with regular usage.
• my old/outdated solution to overcome the problem

EDIT (September 2016):

At Keluro we released an open source code sample to leverage the sign-in technicalities. It is used more for connecting to Azure AD/Office 365 but the client side using dialogApi and the popup as a fall back can be reused for other social logins.