I have successfully got the SSO to work in my Office Add-in using this code (just testing at the moment):
try {
  let userTokenEncoded = await OfficeRuntime.auth.getAccessToken({
    allowSignInPrompt: true,
  });
} catch (error) {
  // Sign-in or consent failed; log the error while testing
  console.log(error);
}
So my Azure AD Application is working as it should. I get my JWT token down and if I decrypt it, it looks ok.
I now want to use this token to connect to Dataverse, but when I try to use it, I get a 401 error (makes sense, as the token is not for Dataverse even though I have added this permission into the application registration).
I have been reading that I may need to implement an on-behalf flow so this token can be used to access Dataverse, and it's not as simple as just adding the permission in the Office SSO Application registration.
You need to add a middle-tier service to your solution that can exchange the access token you are getting from the call to the getAccessToken method in the add-in with an access token that can be used in the request to Dataverse.
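A sketch of the exchange the answer describes, added here as an example and not part of the original answer: a Node 18+ middle tier that checks the add-in token's audience and then requests a Dataverse token with the Microsoft identity platform on-behalf-of grant. The `cfg` values, the function names and the Dataverse org URL are placeholders and assumptions.

```javascript
// Middle-tier sketch (Node 18+). Every value in cfg is a placeholder.
const cfg = {
  tenantId: "<tenant-id>",
  clientId: "<addin-app-client-id>",
  clientSecret: process.env.CLIENT_SECRET || "<client-secret>", // server-side only
  dataverseUrl: "https://<your-org>.crm.dynamics.com",
};

// Decode (NOT verify) the JWT payload. Signature and issuer validation are
// omitted here and belong in a JWT library using the tenant's signing keys.
function decodeClaims(jwt) {
  return JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"));
}

// The SSO token is issued for the add-in's own app registration, so "aud" is
// its client ID or application ID URI. Dataverse rejects that audience (401).
function isForThisApp(claims, c = cfg) {
  const aud = String(claims.aud);
  return aud === c.clientId || aud.endsWith("/" + c.clientId);
}

// Build the on-behalf-of request that swaps the SSO token for a Dataverse token.
function buildOboRequest(ssoToken, c = cfg) {
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: c.clientId,
    client_secret: c.clientSecret,
    assertion: ssoToken,
    scope: `${c.dataverseUrl}/.default`,
    requested_token_use: "on_behalf_of",
  });
  const url = `https://login.microsoftonline.com/${c.tenantId}/oauth2/v2.0/token`;
  return { url, body };
}

async function getDataverseToken(ssoToken, c = cfg) {
  if (!isForThisApp(decodeClaims(ssoToken), c)) {
    throw new Error("token was not issued for this application");
  }
  const { url, body } = buildOboRequest(ssoToken, c);
  const res = await fetch(url, { method: "POST", body }); // form-encoded POST
  const json = await res.json();
  if (!res.ok) throw new Error(`OBO exchange failed: ${json.error}`);
  return json.access_token; // send to Dataverse as "Authorization: Bearer <token>"
}
```

The add-in sends its SSO token to this service over HTTPS; the client secret and the Dataverse token request never run in the add-in's browser context.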