Office API call to getUserIdentityTokenAsync() returns a null token












1















Our Outlook add-in runs successfully for our production clients except for one specific tenant.



With this one tenant, the Office API call to getUserIdentityTokenAsync() returns a null token.



Here is what I have determined from reviewing our logs:




  1. When they access the addin from the Mac Outlook client, getUserIdentityTokenAsync() returns "Status" = "failed" with error code "9017".


  2. When they access the addin from Chrome or Firefox, getUserIdentityTokenAsync() returns "Status" = "succeeded" but the token value is null.



Their self-hosted Microsoft Exchange server version is 15.1.1531.3 and I have confirmed Exchange Web Services is enabled.



Does anyone have insight as to why this method is failing to return a token?






office-js outlook-web-addins







share|improve this question























  • What permissions did you specify in the manifest for your add-in? Does updating to the latest CU fix this issue?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:29











  • What version of Mac Outlook is seeing this call fail?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:30











  • Adam, I noticed you posted something similar in October 2017, is it the same outstanding issue since then? I'm not sure what could be relevant in particular, but first thing that comes to my mind is if authentication flow is different -- do they authenticate directly to cloud, or do they get redirected to on-prem ADFS or other means, etc. Is there something different between this tenant and the others in terms of authentication. Do they have matching UPNs etc., etc. between on-prem and AAD. Grasping at anything here.

    – Brian Clink
    Nov 14 '18 at 19:54











  • Look at the Fiddler trace / browser debugger to see what the response is to the request https://<server>/owa/service.svc?action=GetClientAccessToken&EP=xxxx&ID=xxxx&AC=xxxx, maybe it will shed some light on it if there is a particular error in getting the client access token.

    – Brian Clink
    Nov 14 '18 at 20:40











  • Here is the permissions xml tag in our manifest <Permissions>ReadWriteItem</Permissions>. The client is on exchange version 15.1.1531.3, is there a more recent version of Exchange 2016?

    – Adam Hickey
    Nov 14 '18 at 21:23


















1















Our Outlook add-in runs successfully for our production clients except for one specific tenant.



With this one tenant, the Office API call to getUserIdentityTokenAsync() returns a null token.



Here is what I have determined from reviewing our logs:




  1. When they access the addin from the Mac Outlook client, getUserIdentityTokenAsync() returns "Status" = "failed" with error code "9017".


  2. When they access the addin from Chrome or Firefox, getUserIdentityTokenAsync() returns "Status" = "succeeded" but the token value is null.



Their self-hosted Microsoft Exchange server version is 15.1.1531.3 and I have confirmed Exchange Web Services is enabled.



Does anyone have insight as to why this method is failing to return a token?






office-js outlook-web-addins







share|improve this question























  • What permissions did you specify in the manifest for your add-in? Does updating to the latest CU fix this issue?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:29











  • What version of Mac Outlook is seeing this call fail?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:30











  • Adam, I noticed you posted something similar in October 2017, is it the same outstanding issue since then? I'm not sure what could be relevant in particular, but first thing that comes to my mind is if authentication flow is different -- do they authenticate directly to cloud, or do they get redirected to on-prem ADFS or other means, etc. Is there something different between this tenant and the others in terms of authentication. Do they have matching UPNs etc., etc. between on-prem and AAD. Grasping at anything here.

    – Brian Clink
    Nov 14 '18 at 19:54











  • Look at the Fiddler trace / browser debugger to see what the response is to the request https://<server>/owa/service.svc?action=GetClientAccessToken&EP=xxxx&ID=xxxx&AC=xxxx, maybe it will shed some light on it if there is a particular error in getting the client access token.

    – Brian Clink
    Nov 14 '18 at 20:40











  • Here is the permissions xml tag in our manifest <Permissions>ReadWriteItem</Permissions>. The client is on exchange version 15.1.1531.3, is there a more recent version of Exchange 2016?

    – Adam Hickey
    Nov 14 '18 at 21:23
















1












1








1


2






Our Outlook add-in runs successfully for our production clients except for one specific tenant.



With this one tenant, the Office API call to getUserIdentityTokenAsync() returns a null token.



Here is what I have determined from reviewing our logs:




  1. When they access the addin from the Mac Outlook client, getUserIdentityTokenAsync() returns "Status" = "failed" with error code "9017".


  2. When they access the addin from Chrome or Firefox, getUserIdentityTokenAsync() returns "Status" = "succeeded" but the token value is null.



Their self-hosted Microsoft Exchange server version is 15.1.1531.3 and I have confirmed Exchange Web Services is enabled.



Does anyone have insight as to why this method is failing to return a token?






office-js outlook-web-addins







share|improve this question














Our Outlook add-in runs successfully for our production clients except for one specific tenant.



With this one tenant, the Office API call to getUserIdentityTokenAsync() returns a null token.



Here is what I have determined from reviewing our logs:




  1. When they access the addin from the Mac Outlook client, getUserIdentityTokenAsync() returns "Status" = "failed" with error code "9017".


  2. When they access the addin from Chrome or Firefox, getUserIdentityTokenAsync() returns "Status" = "succeeded" but the token value is null.



Their self-hosted Microsoft Exchange server version is 15.1.1531.3 and I have confirmed Exchange Web Services is enabled.



Does anyone have insight as to why this method is failing to return a token?






office-js outlook-web-addins




office-js outlook-web-addins






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 14 '18 at 17:02









Adam HickeyAdam Hickey

265




265













  • What permissions did you specify in the manifest for your add-in? Does updating to the latest CU fix this issue?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:29











  • What version of Mac Outlook is seeing this call fail?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:30











  • Adam, I noticed you posted something similar in October 2017, is it the same outstanding issue since then? I'm not sure what could be relevant in particular, but first thing that comes to my mind is if authentication flow is different -- do they authenticate directly to cloud, or do they get redirected to on-prem ADFS or other means, etc. Is there something different between this tenant and the others in terms of authentication. Do they have matching UPNs etc., etc. between on-prem and AAD. Grasping at anything here.

    – Brian Clink
    Nov 14 '18 at 19:54











  • Look at the Fiddler trace / browser debugger to see what the response is to the request https://<server>/owa/service.svc?action=GetClientAccessToken&EP=xxxx&ID=xxxx&AC=xxxx, maybe it will shed some light on it if there is a particular error in getting the client access token.

    – Brian Clink
    Nov 14 '18 at 20:40











  • Here is the permissions xml tag in our manifest <Permissions>ReadWriteItem</Permissions>. The client is on exchange version 15.1.1531.3, is there a more recent version of Exchange 2016?

    – Adam Hickey
    Nov 14 '18 at 21:23





















  • What permissions did you specify in the manifest for your add-in? Does updating to the latest CU fix this issue?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:29











  • What version of Mac Outlook is seeing this call fail?

    – Outlook Add-ins Team - MSFT
    Nov 14 '18 at 19:30











  • Adam, I noticed you posted something similar in October 2017, is it the same outstanding issue since then? I'm not sure what could be relevant in particular, but first thing that comes to my mind is if authentication flow is different -- do they authenticate directly to cloud, or do they get redirected to on-prem ADFS or other means, etc. Is there something different between this tenant and the others in terms of authentication. Do they have matching UPNs etc., etc. between on-prem and AAD. Grasping at anything here.

    – Brian Clink
    Nov 14 '18 at 19:54











  • Look at the Fiddler trace / browser debugger to see what the response is to the request https://<server>/owa/service.svc?action=GetClientAccessToken&EP=xxxx&ID=xxxx&AC=xxxx, maybe it will shed some light on it if there is a particular error in getting the client access token.

    – Brian Clink
    Nov 14 '18 at 20:40











  • Here is the permissions xml tag in our manifest <Permissions>ReadWriteItem</Permissions>. The client is on exchange version 15.1.1531.3, is there a more recent version of Exchange 2016?

    – Adam Hickey
    Nov 14 '18 at 21:23



















What permissions did you specify in the manifest for your add-in? Does updating to the latest CU fix this issue?

– Outlook Add-ins Team - MSFT
Nov 14 '18 at 19:29





What permissions did you specify in the manifest for your add-in? Does updating to the latest CU fix this issue?

– Outlook Add-ins Team - MSFT
Nov 14 '18 at 19:29













What version of Mac Outlook is seeing this call fail?

– Outlook Add-ins Team - MSFT
Nov 14 '18 at 19:30





What version of Mac Outlook is seeing this call fail?

– Outlook Add-ins Team - MSFT
Nov 14 '18 at 19:30













Adam, I noticed you posted something similar in October 2017, is it the same outstanding issue since then? I'm not sure what could be relevant in particular, but first thing that comes to my mind is if authentication flow is different -- do they authenticate directly to cloud, or do they get redirected to on-prem ADFS or other means, etc. Is there something different between this tenant and the others in terms of authentication. Do they have matching UPNs etc., etc. between on-prem and AAD. Grasping at anything here.

– Brian Clink
Nov 14 '18 at 19:54





Adam, I noticed you posted something similar in October 2017, is it the same outstanding issue since then? I'm not sure what could be relevant in particular, but first thing that comes to my mind is if authentication flow is different -- do they authenticate directly to cloud, or do they get redirected to on-prem ADFS or other means, etc. Is there something different between this tenant and the others in terms of authentication. Do they have matching UPNs etc., etc. between on-prem and AAD. Grasping at anything here.

– Brian Clink
Nov 14 '18 at 19:54













Look at the Fiddler trace / browser debugger to see what the response is to the request https://<server>/owa/service.svc?action=GetClientAccessToken&EP=xxxx&ID=xxxx&AC=xxxx, maybe it will shed some light on it if there is a particular error in getting the client access token.

– Brian Clink
Nov 14 '18 at 20:40





Look at the Fiddler trace / browser debugger to see what the response is to the request https://<server>/owa/service.svc?action=GetClientAccessToken&EP=xxxx&ID=xxxx&AC=xxxx, maybe it will shed some light on it if there is a particular error in getting the client access token.

– Brian Clink
Nov 14 '18 at 20:40













Here is the permissions xml tag in our manifest <Permissions>ReadWriteItem</Permissions>. The client is on exchange version 15.1.1531.3, is there a more recent version of Exchange 2016?

– Adam Hickey
Nov 14 '18 at 21:23







Here is the permissions xml tag in our manifest <Permissions>ReadWriteItem</Permissions>. The client is on exchange version 15.1.1531.3, is there a more recent version of Exchange 2016?

– Adam Hickey
Nov 14 '18 at 21:23














0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53305330%2foffice-api-call-to-getuseridentitytokenasync-returns-a-null-token%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53305330%2foffice-api-call-to-getuseridentitytokenasync-returns-a-null-token%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

The Sandy Post

Image
The Sandy Post From Wikipedia, the free encyclopedia Jump to navigation Jump to search The Sandy Post Type Weekly Newspaper Format Tabloid Owner(s) Community Newspapers/Pamplin Media Group Publisher J. Mark Garber Editor Steve Brown Founded 1937  ( 1937 ) Headquarters Sandy, Oregon Circulation 3,800 Website www.pamplinmedia.com/sandy-post-home/ This article needs additional citations for verification . Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (February 2010) (Learn how and when to remove this template message) The Sandy Post is a weekly newspaper, published in Sandy, Oregon, United States. The paper, founded in 1937, serves the communities of Sandy, Boring, the Villages at Mount Hood and the surrounding areas. The newspaper is owned by Community Newspapers/Pamplin Media Group, a company of ...
Read more

Danny Elfman

Image
Danny Elfman From Wikipedia, the free encyclopedia Jump to navigation Jump to search Danny Elfman Elfman at the 2010 San Diego Comic-Con Born Daniel Robert Elfman ( 1953-05-29 ) May 29, 1953 (age 65) Los Angeles, California, U.S. Spouse(s) Bridget Fonda ( m.  2003) Children 1 Musical career Genres Rock [1] ska [2] new wave film music video game music Occupation(s) Composer, singer, songwriter, record producer Instruments Trombone guitar percussion vocals keyboards [3] Years active 1972–present Associated acts Oingo Boingo James Newton Howard Daniel Robert Elfman (born May 29, 1953) is an American composer, singer, songwriter, and record producer. Elfman first became known for being the lead singer and songwriter for the band Oingo Boingo from 1974 to 1995. He is well known for scoring films and television shows, particularly his frequent collabora...
Read more

Pages that link to "Head v. Amoskeag Manufacturing Co."

Image
Help Pages that link to "Head v. Amoskeag Manufacturing Co." ← Head v. Amoskeag Manufacturing Co. Jump to navigation Jump to search What links here Page:   Namespace:  all (Article) Talk User User talk Wikipedia Wikipedia talk File File talk MediaWiki MediaWiki talk Template Template talk Help Help talk Category Category talk Portal Portal talk Book Book talk Draft Draft talk TimedText TimedText talk Module Module talk Gadget Gadget talk Gadget definition Gadget definition talk   Invert selection Filters Hide transclusions | Hide links | Hide redirects The following pages link to Head v. Amoskeag Manufacturing Co. External tools: Show redirects only View (previous 50 | next 50) (20 | 50 | 100 | 250 | 500) Amoskeag Manufacturing Company ‎ (links | edit) List of United States Supreme Court cases by the Waite Court ‎ (links | edit) Talk:Head v. Amoskeag Manuf...
Read more