API getAccessTokenAsync gives Token with empty payload


Hey all,


I am actually doing plenty of stuff with Office Addins, following the guides and patterns Microsoft is giving especially for the use of the new Identity API in the Office clients for an SSO experience.


Everthing is fine on the dev stages, after some wrapping my head around the concepts I have my React app as Word/Outlook Addin with Node.js/Expressjs middleware and plenty other stuff that does not matter here.


When bringing this from Dev to Prod, I struggle with a strange effect in the customers Office 365 tenant that prevents a decoding of the token one gets from the Office client on the users side ( see https://docs.microsoft.com/de-de/office/dev/add-ins/develop/sso-in-office-add-ins#add-client-side-co... for reference, we are talking about getting the local token as starting point for a AAD V2 endpoint authentication by calling Office.context.auth.getAccessTokenAsync()). After a lot of debugging I figured out that the token does not contain the data it should have and therefore is not able to be decoded in the middleware. Looks something like this:


Token in our very own Office tenant -> Screenshot 1

Token in customer tenant -> Screenshot 2


As one can see the whole payload is empty. I can't do much more here than calling the JavaScript method and make sure the API is loaded (works as I get at least something). Has anyone an idea what is happening here?

1 Reply

Ok, so here is a bit more info: turns out that the tokens I am getting are missing the signature part. Means that it misses the second dot and the part behind it.