I am trying to perform OAuth from an React based outlook add-in (running on mac) and I'm running into some trouble. I have a node/express backend with an endpoint to perform the OAuth handshake but how do I 1) open a browser or pop-up window from my front end add in? and 2) how do I get the token back to the front end app if control is transferred to another browser or pop-up window?
Related
I trying to use Auth0 in a office add-in (React SPA), specifically Excel.
I am using the popup to login instead of the redirect because the redirect doesn’t load in the iframe.
(The error for the iframe is "Refused to frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none’” ").
The issue I’m having is once I login successfully, the pop just goes white and gets stuck on the login/callback.
I’ve checked the logs, it says a successful log but it doesn’t say anything about an exchange (success or failure).
I’ve tested the pop up on a different application (react web app) and it works perfectly fine.
The login we are using is the Universal Login (the new one, not the classic)
I’m interested in any and all approaches for using the Universal Login in this context.
Thanks
I am working on some browser tests in selenium on Chrome. I have a script which ran on my personal machine can connect to a site and has no issues. However when the script is ran on a machine inside our network, it pops an authentication pop up. When I click cancel on the authentication box, it continues to a user login page which allows regular authentication. I have disabled IWA for the browser but it is still popping up.
I tried passing username#password:url but that did not work. Our test account is not connected to the domain and this website will try to use your Windows account but outside the network it defaults to the login page where we do have regular userid/pw for certain people (like our test account they created for us). We do not control the server so I cannot change that behavior.
I would normally close the alert in this case however selenium is not recognizing the authentication popup as an alert so the script just hangs. So step 2 would be the userid/password sent in the URL but that doesn't work either. I would prefer not to go the route of installing any other tools (like AutoIt) and try to solve this with settings.
Is there a way to skip the authentication popup in chrome? In the header the response is its using "Negotiate" for auth. I do not get that when testing on my local machine outside the network.
I am developing a web add-in and I open the Azure AD authentication window in a popup. However, I need to close this popup as soon as authentication is done. I am redirecting the user to another page where I have placed the javascript code to close the window. The code works fine in Chrome on Windows, Mac, also Outlook on Mac. However the code does not work on Outlook for Windows.
Is there any solution in javascript to close the browser window for any browser version and platform?
To avoid trouble with authentication across different browsers use the displayDialog API to complete the authentication workflow. This will allow you to close the dialog once the authentication is completed.
You know there is a web browser control in visual basic controls.
When we are using Auth2 for get into Google Apps(Gdrive,GPlay...) it opens a webpage in OS default browser(Chrome , Fire fox...) to get permissions. How can I make it to request from a web browser control on the form without opening other browsers?
The Google .Net client library is designed to open the users default browser for authentication.
The client library does not have the functionality to give you the url you would need to open it in a web browser control.
Sorry this is not possible
I was already using Firebase for authentication for other (related) projects and would like to stick with it.
Using Firebase with a Word add-in seems challenging. On Windows you're stuck with IE11 and on Mac (crucial for me) the browser used to load a taskpane is webkit, not the default browser.
I can get authentication on Windows to work just fine if I use signInWithRedirect (Google and Facebook).
But this won't work on Mac. Using signInWithRedirect opens a new tab in the default browser, which doesn't share cookies/data with the webkit browser the add-in actually uses.
When I switch to signInWithPopup, I get:
There is no application set to open the URL about:invalid%23zClosurez.
On Windows I get a popup IE11 window, for a split second, and it contains about:invalid%23zClosurez for a URL.
I have appdomains called out in my add-in XML manifest:
<AppDomains>
<AppDomain>https://writeitwithme-a114a.firebaseapp.com</AppDomain>
<AppDomain>https://www.firebaseapp.com</AppDomain>
<AppDomain>https://www.googleapis.com</AppDomain>
<AppDomain>https://www.facebook.com</AppDomain>
</AppDomains>
Any help appreciated. Worst case I drop to using manual registration, via Firebase, for Mac, but seems unfortunate to have to give up.
Just documenting for anyone finding this later.
I couldn't figure out how to use Firebase social login when creating an add-in for Mac. Every authentication window opened in the default browser, not the webkit engine used by Word on Mac. Sticking with manual login worked.
IE11 is always finicky when using localhost. I test elsewhere, then push files live and then try IE11 and social + manual login (via popup) works just fine.
I found the following resources from Microsoft docs that made this easier for me:
https://learn.microsoft.com/en-us/office/dev/add-ins/develop/dialog-api-in-office-add-ins
Basically you need to make a call to open up a dialogue box:
Office
.context
.UI
.displayDialogAsync(
'https://myDomain/myDialog.html',
{height: 30, width: 20, displayInIframe: true}
);
Then you can make your own page that does a login flow and passes a message (likely a credential of some kind) back to your plugin via the messageParent method:
Office.context.ui.messageParent(googleProfile);
From there you can do the following to sign in with the credential provided in your add-in:
firebase.auth().signInWithCredential(credential)
Also, be very careful with how you construct the URL of the dialogue box. I lost hours not knowing that the _host_Info param from the origin URL would mess stuff up (I was constructing my new URL from the origin URL). Figured it out in this github issue: https://github.com/OfficeDev/office-js/issues/378