
As a fallback authentication when the add-in is running on a version of Office that doesn't support SSO.

When the add-in needs access to a non-Microsoft service that you control.

When the add-in is used primarily by Exchange on-premises users.

By verifying the user's identity, you can then perform a one-time authentication into your back-end system, then accept the user identity token as an authorization for future requests.

Exchange user identity token

Exchange user identity tokens provide a way for your add-in to establish the identity of the user.

Use the identity information in the token to establish the user's identity and authenticate to your own back-end services.

For a more detailed overview, see the full overview of the SSO authentication method.

For details on using the SSO token in an Outlook add-in, see Authenticate a user with a single-sign-on token in an Outlook add-in.

For a sample add-in that uses the SSO token, see Outlook Add-in SSO.

Complete the On-Behalf-Of flow to obtain an access token scoped to the Microsoft Graph API.

The add-in uses this as a bearer token in the Authorization header to authenticate a call back to your API.

Using this method, your add-in can obtain an access token scoped to your server back-end API.
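
One way the back-end API could check the bearer token from the Authorization header before trusting the identity in it, as an added example that is not code from the original page or from Microsoft. It assumes an RS256-signed JWT carrying the claims `aud`, `scp`, `exp`, `oid` and `preferred_username`; the audience value, the scope passed in, the function names and the locally generated key (standing in for the issuer's published signing key) are constructed for the demo.

```javascript
const crypto = require('crypto');

// base64url helpers (JWT segments are unpadded base64url)
const enc = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const dec = (seg) => Buffer.from(seg.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Verify the bearer token from the Authorization header; return the caller's
// identity or throw. `publicKey` stands in for the issuer's signing key (assumption).
function verifyAddinToken(authHeader, { publicKey, audience, requiredScope, now = Date.now() / 1000 }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) throw new Error('malformed Authorization header');
  const [, h, p, s] = m;
  // Pin the algorithm: never let the token's own header choose "none" or HS256.
  if (JSON.parse(dec(h).toString()).alg !== 'RS256') throw new Error('unexpected alg');
  // Check the signature over "header.payload" before reading any claim.
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, dec(s))) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(dec(p).toString());
  // The token must have been issued for this API, be unexpired, and carry the scope.
  if (claims.aud !== audience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (!String(claims.scp || '').split(' ').includes(requiredScope)) throw new Error('missing scope');
  return { oid: claims.oid, user: claims.preferred_username };
}

// Constructed sample token, signed with a throwaway key (demo only).
function makeSampleToken(claims, privateKey) {
  const body = `${enc(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${enc(JSON.stringify(claims))}`;
  return `${body}.${enc(crypto.sign('RSA-SHA256', Buffer.from(body), privateKey))}`;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const audience = 'api://addin.example/constructed-app-id'; // constructed value
  const token = makeSampleToken({ aud: audience, scp: 'access_as_user',
    exp: Math.floor(Date.now() / 1000) + 300, oid: 'constructed-oid',
    preferred_username: 'user@example.com' }, privateKey);
  return verifyAddinToken(`Bearer ${token}`, { publicKey, audience, requiredScope: 'access_as_user' });
}
console.log(demo());
```

A production API would also check the issuer and load signing keys from the issuer's metadata, typically through a maintained JWT library.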

SSO-enabled add-ins that use the Teams manifest can be sideloaded, but can't be deployed in any other way at this time. If the add-in is using the Teams manifest for Office Add-ins (preview), there is some manifest configuration, but Microsoft Graph scopes aren't specified.
