Nested App Authentication Not Supported in Dialog Window? Not able to fetch access token from Outlook dialog.

[Niloofir-IMAN]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.28.1

Wrapper Library

Not Applicable

Wrapper Library Version

1

Public or Confidential Client?

Public

Description

I have implemented Nested App Authentication (NAA) in my Outlook add-in, and it works as expected in the task pane. I'm able to acquire tokens using pca.acquireTokenSilent(). However, in my application, users can open a dialog window where Outlook folders are displayed. I need to call the Microsoft Graph API from this dialog window to fetch folder details, but I am unable to invoke NAA from the dialog.

When I check the requirement set support in the dialog, it returns a different result than in the task pane:

Office.context.requirements.isSetSupported("NestedAppAuth", "1.1"); returns true in the task pane.

Office.context.requirements.isSetSupported("NestedAppAuth", "1.1"); returns false in the dialog.

Expected Behavior
Nested App Authentication should be supported in the dialog window to allow seamless token acquisition for invoking the Microsoft Graph API.

Current Behavior
NAA does not seem to be supported in the dialog window, as indicated by the return value of Office.context.requirements.isSetSupported("NestedAppAuth", "1.1");.

Question
Is Nested App Authentication not supported in dialog windows? If so, are there alternative ways to invoke the Microsoft Graph API from a dialog?

Any guidance or recommended approaches for working around this limitation would be greatly appreciated!

Error Message

No response

MSAL Logs

No response

Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

auth: {
      authority: "https://login.microsoftonline.com/organizations",
      clientId,
  }

Relevant Code Snippets

private static isNestedAppAuthSupported() {
    return Office.context.requirements.isSetSupported("NestedAppAuth", "1.1");
  }

Reproduction Steps

1. Implement Nested App Authentication in an Outlook add-in.

2. Open a dialog window and attempt to invoke NAA.

3. Call Office.context.requirements.isSetSupported("NestedAppAuth", "1.1"); from both the task pane and dialog.

Expected Behavior

Nested App Authentication should be supported in the dialog window to allow seamless token acquisition for invoking the Microsoft Graph API.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

[demkantor]

We are facing a similar issue running @azure/msal-browser 4.10.0 and @azure/msal-react 3.0.9
open ticket in office.js
silent tokens work fine in the task pane but we have a popup window for users to login to MS and self approve scopes
this used to work and trying to pinpoint where it stopped, but continues to work on localhost

when coming from the popout Entra ID admin panel shows successful but we run into a JS exemption preventing us from sending token from child popup window to parent taskpane

error:
TypeError: Cannot read properties of null (reading 'apply') at e.<computed> [as replaceState] (VM692 heap.js:2:318806)

in popup window devtools console

Office.context.requirements.isSetSupported("NestedAppAuth", "1.1")
false