I want my Outlook 365 integration to use both, the Outlook JS Add-In API, and the Outlook REST API.
But as I see it, it has separate permission/credential handling:
- The Outlook Add-In API has following permissions: Restricted, ReadItem, ReadWriteItem, or ReadWriteMailbox
- The Outlook REST API has full OAuth2 support with scopes, e.g. the
offline_access
scope which interest me the most.
What I wan't is to use the Outlook Add-In to give the user additional UI elements, and use the Outlook REST API to keep my data in sync with Outlook data.
Is it possible without forcing the user to give consent twice? That is firstly by giving consent for the Add-In when installing it, and then consent for our app which uses the Outlook REST API for sync jobs.
To my knowledge, it is not possible now without asking the end user to complete a second, OAUTH based, authentication flow.
Note that you can use EWS (Exchange Web Services, which is not REST) without a secondary authentication flow, if you need to access data not provided by Office.js
Have a look at
getUserIdentityTokenAsync
ormakeEwsRequestAsync
here.