oauth-2.0 microsoft-graph-api single-sign-on azure-ad-graph-api outlook-web-addins

Error getting SSO in Outlook 365 web addin 13005. Preauthorization missing


I am working on an Outlook add-in and I am trying to get an SSO token to call the Graph API. I am following this link to develop my add-in: Outlook addin SSO. I registered my app in Azure AD (multi-tenant) and followed everything step by step.

I added the version override to the manifest:

<WebApplicationInfo>
  <Id>Client_id-xxx-xxx</Id>
  <Resource>api://localhost:44361/Client_id-xxx-xxx</Resource>
  <Scopes>
    <Scope>openid</Scope>
    <Scope>offline_access</Scope>
    <Scope>profile</Scope>
    <Scope>Files.ReadWrite</Scope>
    <Scope>Mail.Read</Scope>
    <Scope>User.Read</Scope>
    <Scope>email</Scope>
  </Scopes>
</WebApplicationInfo>

authconfig.js

var authConfig = {
    
    clientId:"Client_id-xxx-xxx",
    scopes: "Files.ReadWrite Mail.Read openid offline_access profile email User.Read",
    redirectUrl: "https://localhost:44361/MessageRead.html"
};

Web.config

<appSettings>
    <add key="ida:AppId" value="Client_Id_xx-xx" />
    <add key="ida:Audience" value="Client_id_xx_xx" />
    <add key="ida:AppPassword" value="app_Password" />
    <add key="ida:RedirectUri" value="https://localhost:44361/MessageRead.html" />
    <add key="ida:Authority" value="https://login.microsoftonline.com/common/oauth2/v2.0" />
</appSettings>

I have granted admin consent for all users in the tenant as well (see attachment: admin consent granted).

My JavaScript code:

Office.initialize = function (reason) {
    // console.log("In Office.initialize ", reason);
    $(document).ready(function () {
        // console.log("In Office.ready ");
        if (OfficeHelpers.Authenticator.isAuthDialog()) return;
        var element = document.querySelector('.ms-MessageBanner');
        messageBanner = new fabric.MessageBanner(element);
        messageBanner.hideBanner();

        authenticator = new OfficeHelpers.Authenticator();
        authenticator.endpoints.registerMicrosoftAuth(authConfig.clientId, {
            redirectUrl: authConfig.redirectUrl,
            scope: authConfig.scopes
        });

        //loadProps();
    });
};

function GetSSOToken(DataObj) {
    var attachmentIds = getAttechamentIdList();
    //if (Office.context.auth !== undefined && Office.context.auth.getAccessToken !== undefined) {
    if (OfficeRuntime.auth !== undefined && OfficeRuntime.auth.getAccessToken !== undefined) {
        OfficeRuntime.auth.getAccessToken().then(function (result) {
            if (result.status === "succeeded") {
                // No need to prompt user, use this token to call Web API
                saveEmailWithSSO(result.value, attachmentIds, DataObj);
            } else if (result.error.code == 13007 || result.error.code == 13005) {
                console.log('error:', result.error.code);
                // These error codes indicate that we need to prompt for consent
                // Office.context.auth.getAccessTokenAsync({ forceConsent: true }, function (result) {
                OfficeRuntime.auth.getAccessToken({ allowConsentPrompt: true, allowSignInPrompt: true }, function (result) {
                    if (result.status === "succeeded") {
                        console.log('AccessToken:', result.value);
                        saveEmailWithSSO(result.value, attachmentIds, DataObj);
                    } else {
                        // Could not get SSO token, proceed with authentication prompt
                        console.log('in with prompt else1 ');
                        // console.log('error:', result.error.code);
                        saveEmailWithPrompt(attachmentIds);
                    }
                });
            } else {
                // Could not get SSO token, proceed with authentication prompt
                console.log('in with prompt else2 ');
                console.log('error:', result.error.code);
                saveEmailWithPrompt(attachmentIds);
            }
        }).catch(function (error) {
            console.log('in catch', error);
        });
    }
}

The above code always ends up in the catch block with error 13005, Missing Preauthorization, Missing grant for this addin.

I have also referred to and made changes based on this link: https://github.com/OfficeDev/office-js/issues/923. Even the similar questions here could not resolve it. Please suggest what else could be done to resolve this.

I am trying to run this code with a global admin's Outlook account and another user from outside the tenant, but it is not working in either case.

------update----

After some workarounds I am able to see this issue at sign-in (while using forceConsent / allowConsentPrompt): AADSTS90008. I can see this error.


Solution

  • Solved! After hours of brainstorming, I am able to resolve this error by revisiting the document again. I overlooked step 12 of https://learn.microsoft.com/en-us/office/dev/add-ins/develop/register-sso-add-in-aad-v2
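
An added example, not part of the original question or answer, for the token call in the question's code: `OfficeRuntime.auth.getAccessToken` returns a promise that resolves to the token string and rejects with an error object carrying `code`, so codes such as 13005 and 13007 arrive in the rejection path rather than in a `result.status` field. The `auth` parameter, `acquireSsoToken`, `makeStubAuth` and the token value are constructed for this sketch so it runs outside Office.

```javascript
// Added example. `auth` stands in for OfficeRuntime.auth so the flow can run
// outside Office; acquireSsoToken and makeStubAuth are hypothetical names.
const RETRY_WITH_PROMPT = new Set([13005, 13007]); // codes the question retries on

async function acquireSsoToken(auth) {
  try {
    // The promise resolves with the token string itself, not { status, value }.
    return { via: "sso", token: await auth.getAccessToken() };
  } catch (err) {
    if (!RETRY_WITH_PROMPT.has(err.code)) {
      return { via: "fallback", code: err.code }; // caller shows its own sign-in
    }
  }
  try {
    // Second attempt lets Office show sign-in and consent prompts.
    const token = await auth.getAccessToken({
      allowSignInPrompt: true,
      allowConsentPrompt: true,
    });
    return { via: "sso-after-prompt", token };
  } catch (err) {
    // Still failing (e.g. 13005 again): surface the code instead of looping.
    return { via: "fallback", code: err.code };
  }
}

// Constructed stub: rejects with the given codes in order, then resolves.
function makeStubAuth(rejectCodes) {
  const calls = [];
  return {
    calls,
    getAccessToken(options) {
      calls.push(options);
      const code = rejectCodes[calls.length - 1];
      if (code === undefined) return Promise.resolve("constructed.token.value");
      return Promise.reject(Object.assign(new Error("constructed failure"), { code }));
    },
  };
}

// Demo: log only the outcome, never the token itself.
acquireSsoToken(makeStubAuth([13005, 13005])).then((r) => console.log(r.via, r.code));
```

In the thread above the 13005 was resolved by a registration step the asker had overlooked, so a `fallback` result that still carries 13005 after the prompted retry is worth checking against the registration document before changing code.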