
Office Add-in + Auth0 - Trouble with keeping users logged in


Background

I'm developing an Office Add-in for Outlook. I'm using Auth0 for authenticating users before the client can access my API. So far I'm only allowing users to log in using the username / password connection (no social login).

I'm having an issue with users having to log in quite often.

What I've tried

I've tried the following approaches and failed:

  1. Refresh tokens - not allowed due to the browser context
  2. Silent auth - seems like it's not working that well (sessions are terminated frequently)

Questions

  1. Why does the session terminate so frequently (disabling silent auth)?
  2. What decides if the session is terminated at all?
  3. Would it help to use Microsoft social login?

I'm happy to read any relevant material - I'm just not sure where to look. So please reference any material that can be helpful.


Solution

  • If Azure Active Directory is your auth provider / gating access to your API and the user is an O365 user, then you can use single sign-on for Office. The capability is currently in preview and will be released soon.

    https://learn.microsoft.com/en-us/outlook/add-ins/implement-sso-in-outlook-add-in

    You still need to implement an OAuth flow if your add-in is going to be used on Outlook mobile or Exchange on-prem. In that case, after the user completes the OAuth flow, you need to keep a mapping of the Exchange identity token and access/refresh token on your end.

    The article linked above explains that as well.
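
The server-side mapping described in the answer above, as an added example that is not part of the original answer or of Microsoft's sample code: the refresh token stays on the backend, keyed by the `msexchuid` and `amurl` claims of the Exchange identity token. Assumptions: `TokenMap` and its methods are hypothetical names, the identity token has already been validated upstream, and the token fields follow the standard OAuth 2.0 token response.

```javascript
// Added example. Assumption: `claims` is the payload of an Exchange identity token whose
// signature, audience and lifetime were already verified upstream (not shown).
class TokenMap { // hypothetical name
  constructor() {
    this.byIdentity = new Map(); // identity key -> { accessToken, refreshToken, expiresAt }
  }
  // msexchuid + amurl together identify one mailbox account across sessions.
  static identityKey(claims) {
    const ctx = claims && claims.appctx;
    if (!ctx || !ctx.msexchuid || !ctx.amurl) throw new Error("identity token lacks msexchuid/amurl");
    return `${ctx.msexchuid}|${ctx.amurl}`;
  }
  // Called once, after the user completes the OAuth flow.
  link(claims, tokens, nowSec) {
    this.byIdentity.set(TokenMap.identityKey(claims), {
      accessToken: tokens.access_token,
      refreshToken: tokens.refresh_token,
      expiresAt: nowSec + tokens.expires_in,
    });
  }
  // Decide what the backend does for a request from this identity.
  resolve(claims, nowSec, skewSec = 60) {
    const key = TokenMap.identityKey(claims);
    const entry = this.byIdentity.get(key);
    if (!entry) return { action: "login" };
    if (entry.expiresAt - skewSec > nowSec) return { action: "use", accessToken: entry.accessToken };
    if (entry.refreshToken) return { action: "refresh", refreshToken: entry.refreshToken };
    this.byIdentity.delete(key); // expired and nothing to refresh with
    return { action: "login" };
  }
  // Store a refresh response; keep the old refresh token unless a rotated one came back.
  applyRefresh(claims, tokens, nowSec) {
    const entry = this.byIdentity.get(TokenMap.identityKey(claims));
    if (!entry) throw new Error("no linked account for this identity");
    entry.accessToken = tokens.access_token;
    entry.refreshToken = tokens.refresh_token || entry.refreshToken;
    entry.expiresAt = nowSec + tokens.expires_in;
  }
  // Drop the mapping when the refresh grant is rejected or the user signs out.
  unlink(claims) {
    return this.byIdentity.delete(TokenMap.identityKey(claims));
  }
}

// Constructed sample values, not real tokens or hosts.
const sampleClaims = { appctx: { msexchuid: "1111@mail.example.test", amurl: "https://mail.example.test/autodiscover/metadata/json/1" } };
const sampleTokens = { access_token: "at-1", refresh_token: "rt-1", expires_in: 3600 };
```

With this shape the add-in only ever sends the identity token; the `refresh` action is carried out by the backend against the token endpoint and its result is passed to `applyRefresh`.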