Office API getAccessTokenAsync result yields InvalidAuthenticationToken response from Graph

Question

i have been trying to tackle this issues for a while now, i am workin on an Office-js addin for Outlook and is trying to access Microsoft Graph data through my addin.

But i have been unable to authenticate the token i recieve from getAccessTokenAsync. If i attempt to use the authenticator from Office-JS-Helpers i can get access, but i would prefer to use the built in function of the addin for it.

the code i am trying to use is this:

Office.initialize = () => {
    var options = { forceAddAccount: true, forceConsent: true } as Office.AuthOptions;
    Office.context.auth.getAccessTokenAsync(options, getAccessTokenAsyncCallback);
}


function getAccessTokenAsyncCallback(accessTokenResponse) {
console.log(accessTokenResponse.value)   

client = MicrosoftGraph.Client.init({
    authProvider: (done) => {
        done(null, accessTokenResponse.value);
    },
    debugLogging: false
})
client.api("/me")
    .get((err, res, rawResponse) => {
        console.log(err)
        console.log("rawResponse")
        console.log(rawResponse)
    })
}

and my WebApplicationInfo in my manifest is:

<WebApplicationInfo>
    <Id>{AppUID}</Id>
    <Resource>api://localhost:3000/{AppUID}</Resource>
    <Scopes>
      <Scope>profile</Scope>
      <Scope>user.read</Scope>
    </Scopes>
  </WebApplicationInfo>
</VersionOverrides>

and the rights has been set up in my app on the Application Registration Portal.

as far as i can see when validating/decoding the JSON Web Token i recieve from getAccessTokenAsync, it should be valid.

but whenever i try to connect using this token i get this response:

{
   "statusCode": 401,
  "code": "InvalidAuthenticationToken",
  "message": "Access token validation failure.",
  "requestId": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
  "date": "2018-08-30T05:37:43.000Z",
  "body": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure.",
    "innerError": {
      "request-id": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
      "date": "2018-08-30T07:37:43"
    }
  }
}

i simply can't figure out what the issue is here, am i wrong in that the token returned from getAccessTokenAsync is the one i need for this?

oh yes and i am running up against an Office365 environment with Outlook 2016 version 1807 build 10325.20118 click to run

Answer 1

由返回的标记getAccessTokenAsync，称为自举标志，也不要给你的外接进入MS图形直接。相反，它使Office宿主应用程序（在这种情况下为Outlook）可以访问外接程序的Web应用程序。外接程序的Web应用程序然后使用该令牌来获取对Microsoft Graph的访问令牌。它通过使用“代表” OAuth流来实现。请参阅此节点上的详细文档：Office加载项中的SSO，有关Outlook的特定指导，另请参见使用SSO令牌在Outlook加载项中对用户进行身份验证。