OfficeDev · davidchesnut · Jan 13, 2025 · Jan 14, 2025 · Jan 21, 2025 · Jan 27, 2025
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.gitignore b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.gitignore
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/extensions.json b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/extensions.json
@@ -0,0 +1,14 @@
+{
+  // See http://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
+  // Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
+
+  // List of extensions which should be recommended for users of this workspace.
+  "recommendations": [
+    "ms-edgedevtools.vscode-edge-devtools",
+    "dbaeumer.vscode-eslint",
+    "esbenp.prettier-vscode",
+    "msoffice.microsoft-office-add-in-debugger"
+  ],
+  // List of extensions recommended by VS Code that should not be recommended for users of this workspace.
+  "unwantedRecommendations": []
+}
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/launch.json b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/launch.json
@@ -0,0 +1,42 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Outlook Desktop (Edge Chromium)",
+      "type": "msedge",
+      "request": "attach",
+      "port": 9229,
+      "timeout": 600000,
+      "webRoot": "${workspaceRoot}",
+      "preLaunchTask": "Debug: Outlook Desktop",
+      "postDebugTask": "Stop Debug"
+    },
+    {
+      "name": "Outlook Desktop (Edge Legacy)",
+      "type": "office-addin",
+      "request": "attach",
+      "url": "https://localhost:3000/taskpane.html?_host_Info=Outlook$Win32$16.01$en-US$$$$0",
+      "port": 9222,
+      "timeout": 600000,
+      "webRoot": "${workspaceRoot}",
+      "preLaunchTask": "Debug: Outlook Desktop",
+      "postDebugTask": "Stop Debug"
+    },
+    {
+      "name": "Middle Tier (launch and attach)",
+      "type": "node",
+      "request": "attach",
+      "port": 8080,
+      "timeout": 600000,
+      "preLaunchTask": "Debug: Desktop",
+      "postDebugTask": "Stop Debug"
+    },
+    {
+      "name": "Middle Tier (attach to existing)",
+      "type": "node",
+      "request": "attach",
+      "port": 8080,
+      "timeout": 600000
+    }
+  ]
+}
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/settings.json b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+  "eslint.validate": [
+    "javascript",
+    "javascriptreact",
+    "typescript"
+  ]
+}
+
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/tasks.json b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/.vscode/tasks.json
@@ -0,0 +1,186 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "Build (Development)",
+      "type": "npm",
+      "script": "build:dev",
+      "group": {
+        "kind": "build",
+        "isDefault": true
+      },
+      "presentation": {
+        "clear": true,
+        "panel": "shared",
+        "showReuseMessage": false
+      }
+    },
+    {
+      "label": "Build (Production)",
+      "type": "npm",
+      "script": "build",
+      "group": "build",
+      "presentation": {
+        "clear": true,
+        "panel": "shared",
+        "showReuseMessage": false
+      }
+    },
+    {
+      "label": "Debug: Desktop",
+      "type": "npm",
+      "script": "start",
+      "dependsOn": [
+        "Build (Development)"
+      ],
+      "dependsOrder": "sequence",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Debug: Excel Desktop",
+      "type": "shell",
+      "command": "npm",
+      "args": [
+        "run",
+        "start:desktop",
+        "--",
+        "--app",
+        "excel"
+      ],
+      "dependsOn": [
+        "Build (Development)"
+      ],
+      "dependsOrder": "sequence",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Debug: Outlook Desktop",
+      "type": "shell",
+      "command": "npm",
+      "args": [
+        "run",
+        "start:desktop",
+        "--",
+        "--app",
+        "outlook"
+      ],
+      "dependsOn": [
+        "Build (Development)"
+      ],
+      "dependsOrder": "sequence",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Debug: PowerPoint Desktop",
+      "type": "shell",
+      "command": "npm",
+      "args": [
+        "run",
+        "start:desktop",
+        "--",
+        "--app",
+        "powerpoint"
+      ],
+      "dependsOn": [
+        "Build (Development)"
+      ],
+      "dependsOrder": "sequence",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Debug: Word Desktop",
+      "type": "shell",
+      "command": "npm",
+      "args": [
+        "run",
+        "start:desktop",
+        "--",
+        "--app",
+        "word"
+      ],
+      "dependsOn": [
+        "Build (Development)"
+      ],
+      "dependsOrder": "sequence",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Dev Server",
+      "type": "npm",
+      "script": "dev-server",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Install",
+      "type": "npm",
+      "script": "install",
+      "presentation": {
+        "clear": true,
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Lint: Check for problems",
+      "type": "npm",
+      "script": "lint",
+      "problemMatcher": [
+        "$eslint-stylish"
+      ]
+    },
+    {
+      "label": "Lint: Fix all auto-fixable problems",
+      "type": "npm",
+      "script": "lint:fix",
+      "problemMatcher": [
+        "$eslint-stylish"
+      ]
+    },
+    {
+      "label": "Stop Debug",
+      "type": "npm",
+      "script": "stop",
+      "presentation": {
+        "clear": true,
+        "panel": "shared",
+        "showReuseMessage": false
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Watch",
+      "type": "npm",
+      "script": "watch",
+      "presentation": {
+        "clear": true,
+        "panel": "dedicated"
+      },
+      "problemMatcher": []
+    }
+  ]
+}
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/API/app.js b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/API/app.js
@@ -0,0 +1,27 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+// This file is the main Node.js server file that defines the express middleware.
+
+const express = require('express');
+const morgan = require('morgan');
+const cors = require('cors');
+const apiRouter = require('./routes/index');
+
+const app = express();
+
+/**
+ * Enable CORS middleware. In production, modify as to allow only designated origins and methods.
+ * If you are using Azure App Service, we recommend removing the line below and configure CORS on the App Service itself.
+ */
+app.use(cors());
+
+app.use(express.json());
+app.use(express.urlencoded({ extended: false }));
+app.use(morgan('dev'));
+
+app.use('/api', apiRouter);
+
+const port = process.env.PORT || 5000;
+
+module.exports = app;
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/API/controllers/todolist.js b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/API/controllers/todolist.js
@@ -0,0 +1,92 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+const lowdb = require('lowdb');
+const FileSync = require('lowdb/adapters/FileSync');
+const adapter = new FileSync('./data/db.json');
+const db = lowdb(adapter);
+const { v4: uuidv4 } = require('uuid');
+
+const authConfig = require('../server-helpers/authConfig');
+
+// Get todo list for user identified by oid claim and return the list to caller.
+exports.getTodos = (req, res, next) => {
+    // Check that caller has the delegated todolist.read permission from the user.
+    if (hasRequiredDelegatedPermissions(req.authInfo, authConfig.protectedRoutes.todolist.delegatedPermissions.read)) {
+
+        try {
+            const owner = req.authInfo['oid'];
+
+            const todos = db.get('todos')
+                .filter({ owner: owner })
+                .value();
+
+            res.status(200).send(todos);
+        } catch (error) {
+            next(error);
+        }
+    } else {
+        next(new Error('User does not have the required permissions.'));
+    }
+}
+
+// Add a new todo item to the db for the user identified by oid claim.
+exports.postTodo = (req, res, next) => {
+    // Check that caller has the delegated todolist.readwrite permission from the user.
+    if (hasRequiredDelegatedPermissions(req.authInfo, authConfig.protectedRoutes.todolist.delegatedPermissions.readWrite)) {
+
+        try {
+            const todo = {
+                description: req.body.description,
+                id: uuidv4(),
+                owner: req.authInfo['oid'] // oid is the only claim that should be used to uniquely identify a user in an Entra tenant.
+            };
+
+            db.get('todos').push(todo).write();
+
+            res.status(200).json(todo);
+        } catch (error) {
+            next(error);
+        }
+    } else (
+        next(new Error('User does not have the required permissions.'))
+    )
+}
+
+// Delete a todo item by id and user's oid claim.
+exports.deleteTodo = (req, res, next) => {
+    // Check that caller has the delegated todolist.readwrite permission from the user.
+    if (hasRequiredDelegatedPermissions(req.authInfo, authConfig.protectedRoutes.todolist.delegatedPermissions.readWrite)) {
+        try {
+            const id = req.params.id;
+            const owner = req.authInfo['oid'];
+
+            db.get('todos')
+                .remove({ owner: owner, id: id })
+                .write();
+
+            res.status(200).json({ message: "success" });
+        } catch (error) {
+            next(error);
+        }
+    } else {
+        next(new Error('User does not have the required permissions'))
+    }
+}
+
+/**
+ * Ensures that the access token has the specified delegated permissions.
+ * @param {Object} accessTokenPayload: Parsed access token payload.
+ * @param {Array} requiredPermission: list of required permissions.
+ * @returns {boolean}
+ */
+const hasRequiredDelegatedPermissions = (accessTokenPayload, requiredPermission) => {
+    const normalizedRequiredPermissions = requiredPermission.map(permission => permission.toUpperCase());
+
+    if (accessTokenPayload.hasOwnProperty('scp') && accessTokenPayload.scp.split(' ')
+        .some(claim => normalizedRequiredPermissions.includes(claim.toUpperCase()))) {
+        return true;
+    }
+
+    return false;
+}
diff --git a/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/API/data/db.json b/Samples/auth/Outlook-Add-in-SSO-NAA-Identity/API/data/db.json
@@ -0,0 +1,3 @@
+{
+  "todos": []
+}