
OfficeRuntime.auth.getAccessToken working in Excel but not in Outlook


I have created an add-in and Azure app similar to that shown in the Graph API/Add-in example docs - https://learn.microsoft.com/en-us/graph/tutorials/office-addin.

All is working well when the add-in runs in Excel (making sure the add-in can run in Excel and using an Excel manifest) and the call to OfficeRuntime.auth.getAccessToken returns the api token.

If I run the add-in in Outlook (after changing the add-in to run in Outlook and using an Outlook manifest) I get an error:

getAccessToken error: {"name":"Error occurred in the authentication request from Office.","message":"An unexpected error occurred in the client.","code":13006}

With Outlook I notice that two calls are made that aren't with Excel.

(1) https://outlook.office.com/owa/service.svc?action=GetAuthenticationUrl&app=Mail&n=104

Response:

ResultCode  0
WebSessionType  0
AuthenticationUrl    
"https://ccs.login.microsoftonline.com/ccs/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=c75b3cd3-db77-0845-413d-d1890fe17698&protectedtoken=true&tokenenvelope=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=637823342196948067.4c7773c4-3cd6-4e00-8bd9-ccd655dda53e&state=FcfBDYAwCEBR1DgOBguFdgH3qNCbN_dPxMNP3l8AYMvWbKFf-zWedybAlK0VZiln1y6N1A5xM2MXZA9FmUTY7ujoubVGjMrzAw"
ImplicitGrantAuthorizationUrl   ""

(2) https://ccs.login.microsoftonline.com/common/oauth2/authorize?...

Response:

404 Not Found

I don't know why Excel and Outlook are behaving differently except maybe because of the manifest setup.

For Excel there is this:

<VersionOverrides xmlns="http://schemas.microsoft.com/office/taskpaneappversionoverrides" xsi:type="VersionOverridesV1_0">
  ....
    <WebApplicationInfo>
        <Id>123</Id>
        <Resource>api://localhost:3000/123</Resource>
        <Scopes>
            <Scope>openid</Scope>
            <Scope>profile</Scope>
            <Scope>access_as_user</Scope>
        </Scopes>
    </WebApplicationInfo>
  ....

For Outlook there is this:

<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides" xsi:type="VersionOverridesV1_0">
  <VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1" xsi:type="VersionOverridesV1_1">
  ....
    <WebApplicationInfo>
        <Id>123</Id>
        <Resource>api://localhost:3000/123</Resource>
        <Scopes>
            <Scope>openid</Scope>
            <Scope>profile</Scope>
            <Scope>access_as_user</Scope>
        </Scopes>
    </WebApplicationInfo>
  ....

Solution

  • To use SSO with an Outlook add-in, you must enable Modern Authentication for the Microsoft 365 tenancy. For information about how to do this, see Exchange Online: How to enable your tenant for modern authentication.

    To use SSO, your Outlook add-in will need to have a server-side web API that is registered with Azure Active Directory (AAD) v2.0. For more information, see Register an Office Add-in that uses SSO with the Azure AD v2.0 endpoint.

    Note, a new Single Sign-on (SSO) service will replace the existing one for Office Add-ins that are used in Office on the web. This new service is aimed at providing better reliability and supporting additional environments where Office on the web is used. This only applies to add-ins for Word, Excel, and PowerPoint. Outlook Add-ins are not impacted by this new service roll out. Read more about that in the New Single Sign-on service for Office Add-ins rolling out in Office on the web article.

    Finally, I'd suggest creating a new add-in for Outlook from scratch and checking whether it works as expected.
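
The question suspects the manifest setup, so the following is an added example (not part of the original post or answer, and not Microsoft's code) that checks the `WebApplicationInfo` block of a manifest before looking at tenant settings. The function names and the sample manifests are constructed for illustration; the rule that Outlook expects the block under the `VersionOverridesV1_1` element and other hosts under `VersionOverridesV1_0` is an assumption based on Microsoft's SSO manifest guidance.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Assumption: Outlook reads the SSO block from the V1_1 overrides, other hosts from V1_0.
EXPECTED_PARENT = {"outlook": "VersionOverridesV1_1", "excel": "VersionOverridesV1_0"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_sso_manifest(xml_text, host):
    """Return a list of findings; an empty list means the SSO block is consistent."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    blocks = [e for e in root.iter() if local(e.tag) == "WebApplicationInfo"]
    if not blocks:
        return ["no WebApplicationInfo element found"]
    findings = []
    for block in blocks:
        fields = {local(c.tag): (c.text or "").strip() for c in block}
        app_id, resource = fields.get("Id", ""), fields.get("Resource", "")
        # The Application ID URI is expected to look like api://<host[:port]>/<Id>.
        if not (app_id and resource.startswith("api://") and resource.endswith("/" + app_id)):
            findings.append(f"Resource {resource!r} does not end with Id {app_id!r}")
        parent = parent_of.get(block)
        parent_type = parent.get(XSI_TYPE, "") if parent is not None else ""
        if parent_type != EXPECTED_PARENT[host]:
            findings.append(f"WebApplicationInfo is under {parent_type or 'no xsi:type'}, "
                            f"expected {EXPECTED_PARENT[host]} for {host}")
    return findings

# Constructed sample manifests, reduced to the elements the check reads.
SSO = ("<WebApplicationInfo><Id>123</Id><Resource>api://localhost:3000/{rid}</Resource>"
       "<Scopes><Scope>openid</Scope><Scope>profile</Scope>"
       "<Scope>access_as_user</Scope></Scopes></WebApplicationInfo>")
TEMPLATE = (
    '<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1" '
    'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">'
    '<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides" '
    'xsi:type="VersionOverridesV1_0">{v10}'
    '<VersionOverrides xmlns="http://schemas.microsoft.com/office/mailappversionoverrides/1.1" '
    'xsi:type="VersionOverridesV1_1">{v11}</VersionOverrides></VersionOverrides></OfficeApp>')
GOOD = TEMPLATE.format(v10="", v11=SSO.format(rid="123"))
BAD = TEMPLATE.format(v10=SSO.format(rid="456"), v11="")

if __name__ == "__main__":
    print("good:", check_sso_manifest(GOOD, "outlook"))
    print("bad: ", check_sso_manifest(BAD, "outlook"))
```

An empty result for the Outlook manifest points away from the manifest and toward the tenant-level requirement named in the answer.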