I want my Outlook 365 integration to use both, the Outlook JS Add-In API, and the Outlook REST API.
But as I see it, it has separate permission/credential handling:
offline_access scope which interest me the most.What I wan't is to use the Outlook Add-In to give the user additional UI elements, and use the Outlook REST API to keep my data in sync with Outlook data.
Is it possible without forcing the user to give consent twice? That is firstly by giving consent for the Add-In when installing it, and then consent for our app which uses the Outlook REST API for sync jobs.
To my knowledge, it is not possible now without asking the end user to complete a second, OAUTH based, authentication flow.
Note that you can use EWS (Exchange Web Services, which is not REST) without a secondary authentication flow, if you need to access data not provided by Office.js
Have a look at getUserIdentityTokenAsync or makeEwsRequestAsync here.