├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── SECURITY.md ├── TokenValidationService.sln └── TokenValidationService ├── Add-in ├── Dialog │ ├── Dialog.css │ ├── Dialog.html │ └── Dialog.js ├── FunctionFile │ ├── Functions.html │ └── Functions.js ├── TaskPane │ ├── TaskPane.css │ ├── TaskPane.html │ └── TaskPane.js ├── images │ ├── close.png │ ├── hi-res-icon.png │ ├── icon-16.png │ ├── icon-32.png │ └── icon-80.png ├── jsconfig.json ├── manifest-outlook-token-viewer.xml ├── manifest.xsd └── scripts │ └── decode-token.js ├── App_Data └── XmlDocument.xml ├── App_Start ├── BundleConfig.cs ├── FilterConfig.cs ├── RouteConfig.cs └── WebApiConfig.cs ├── ApplicationInsights.config ├── Areas └── HelpPage │ ├── ApiDescriptionExtensions.cs │ ├── App_Start │ └── HelpPageConfig.cs │ ├── Controllers │ └── HelpController.cs │ ├── HelpPage.css │ ├── HelpPageAreaRegistration.cs │ ├── HelpPageConfigurationExtensions.cs │ ├── ModelDescriptions │ ├── CollectionModelDescription.cs │ ├── ComplexTypeModelDescription.cs │ ├── DictionaryModelDescription.cs │ ├── EnumTypeModelDescription.cs │ ├── EnumValueDescription.cs │ ├── IModelDocumentationProvider.cs │ ├── KeyValuePairModelDescription.cs │ ├── ModelDescription.cs │ ├── ModelDescriptionGenerator.cs │ ├── ModelNameAttribute.cs │ ├── ModelNameHelper.cs │ ├── ParameterAnnotation.cs │ ├── ParameterDescription.cs │ └── SimpleTypeModelDescription.cs │ ├── Models │ └── HelpPageApiModel.cs │ ├── SampleGeneration │ ├── HelpPageSampleGenerator.cs │ ├── HelpPageSampleKey.cs │ ├── ImageSample.cs │ ├── InvalidSample.cs │ ├── ObjectGenerator.cs │ ├── SampleDirection.cs │ └── TextSample.cs │ ├── Views │ ├── Help │ │ ├── Api.cshtml │ │ ├── DisplayTemplates │ │ │ ├── ApiGroup.cshtml │ │ │ ├── CollectionModelDescription.cshtml │ │ │ ├── ComplexTypeModelDescription.cshtml │ │ │ ├── DictionaryModelDescription.cshtml │ │ │ ├── EnumTypeModelDescription.cshtml │ │ │ ├── HelpPageApiModel.cshtml │ │ │ ├── ImageSample.cshtml │ │ │ ├── InvalidSample.cshtml │ │ │ ├── KeyValuePairModelDescription.cshtml │ │ │ ├── ModelDescriptionLink.cshtml │ │ │ ├── Parameters.cshtml │ │ │ ├── Samples.cshtml │ │ │ ├── SimpleTypeModelDescription.cshtml │ │ │ └── TextSample.cshtml │ │ ├── Index.cshtml │ │ └── ResourceModel.cshtml │ ├── Shared │ │ └── _Layout.cshtml │ ├── Web.config │ └── _ViewStart.cshtml │ └── XmlDocumentationProvider.cs ├── Content ├── Site.css ├── bootstrap-theme.css ├── bootstrap-theme.css.map ├── bootstrap-theme.min.css ├── bootstrap-theme.min.css.map ├── bootstrap.css ├── bootstrap.css.map ├── bootstrap.min.css └── bootstrap.min.css.map ├── Controllers ├── HomeController.cs ├── ValidateExchangeTokenController.cs └── ValidateSsoTokenController.cs ├── Global.asax ├── Global.asax.cs ├── Models ├── AddInSsoToken.cs ├── ExchangeAppContext.cs ├── ExchangeAuthMetadata.cs ├── ExchangeIdToken.cs ├── ExchangeKey.cs ├── IdTokenValidationResult.cs └── SsoTokenValidationResult.cs ├── Properties └── AssemblyInfo.cs ├── Scripts ├── bootstrap.js ├── bootstrap.min.js ├── jquery-3.2.1.intellisense.js ├── jquery-3.2.1.js ├── jquery-3.2.1.min.js ├── jquery-3.2.1.min.map ├── jquery-3.2.1.slim.js ├── jquery-3.2.1.slim.min.js ├── jquery-3.2.1.slim.min.map ├── modernizr-2.8.3.js ├── respond.js ├── respond.matchmedia.addListener.js ├── respond.matchmedia.addListener.min.js └── respond.min.js ├── TokenValidationService.csproj ├── Views ├── Home │ └── Index.cshtml ├── Shared │ ├── Error.cshtml │ └── _Layout.cshtml ├── Web.config └── _ViewStart.cshtml ├── Web.Debug.config ├── Web.Release.config ├── Web.config ├── favicon.ico ├── fonts ├── glyphicons-halflings-regular.eot ├── glyphicons-halflings-regular.svg ├── glyphicons-halflings-regular.ttf ├── glyphicons-halflings-regular.woff └── glyphicons-halflings-regular.woff2 └── packages.config /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.suo 8 | *.user 9 | *.userosscache 10 | *.sln.docstates 11 | 12 | # User-specific files (MonoDevelop/Xamarin Studio) 13 | *.userprefs 14 | 15 | # Build results 16 | [Dd]ebug/ 17 | [Dd]ebugPublic/ 18 | [Rr]elease/ 19 | [Rr]eleases/ 20 | x64/ 21 | x86/ 22 | bld/ 23 | [Bb]in/ 24 | [Oo]bj/ 25 | [Ll]og/ 26 | 27 | # Visual Studio 2015 cache/options directory 28 | .vs/ 29 | # Uncomment if you have tasks that create the project's static files in wwwroot 30 | #wwwroot/ 31 | 32 | # MSTest test Results 33 | [Tt]est[Rr]esult*/ 34 | [Bb]uild[Ll]og.* 35 | 36 | # NUNIT 37 | *.VisualState.xml 38 | TestResult.xml 39 | 40 | # Build Results of an ATL Project 41 | [Dd]ebugPS/ 42 | [Rr]eleasePS/ 43 | dlldata.c 44 | 45 | # .NET Core 46 | project.lock.json 47 | project.fragment.lock.json 48 | artifacts/ 49 | **/Properties/launchSettings.json 50 | 51 | *_i.c 52 | *_p.c 53 | *_i.h 54 | *.ilk 55 | *.meta 56 | *.obj 57 | *.pch 58 | *.pdb 59 | *.pgc 60 | *.pgd 61 | *.rsp 62 | *.sbr 63 | *.tlb 64 | *.tli 65 | *.tlh 66 | *.tmp 67 | *.tmp_proj 68 | *.log 69 | *.vspscc 70 | *.vssscc 71 | .builds 72 | *.pidb 73 | *.svclog 74 | *.scc 75 | 76 | # Chutzpah Test files 77 | _Chutzpah* 78 | 79 | # Visual C++ cache files 80 | ipch/ 81 | *.aps 82 | *.ncb 83 | *.opendb 84 | *.opensdf 85 | *.sdf 86 | *.cachefile 87 | *.VC.db 88 | *.VC.VC.opendb 89 | 90 | # Visual Studio profiler 91 | *.psess 92 | *.vsp 93 | *.vspx 94 | *.sap 95 | 96 | # TFS 2012 Local Workspace 97 | $tf/ 98 | 99 | # Guidance Automation Toolkit 100 | *.gpState 101 | 102 | # ReSharper is a .NET coding add-in 103 | _ReSharper*/ 104 | *.[Rr]e[Ss]harper 105 | *.DotSettings.user 106 | 107 | # JustCode is a .NET coding add-in 108 | .JustCode 109 | 110 | # TeamCity is a build add-in 111 | _TeamCity* 112 | 113 | # DotCover is a Code Coverage Tool 114 | *.dotCover 115 | 116 | # Visual Studio code coverage results 117 | *.coverage 118 | *.coveragexml 119 | 120 | # NCrunch 121 | _NCrunch_* 122 | .*crunch*.local.xml 123 | nCrunchTemp_* 124 | 125 | # MightyMoose 126 | *.mm.* 127 | AutoTest.Net/ 128 | 129 | # Web workbench (sass) 130 | .sass-cache/ 131 | 132 | # Installshield output folder 133 | [Ee]xpress/ 134 | 135 | # DocProject is a documentation generator add-in 136 | DocProject/buildhelp/ 137 | DocProject/Help/*.HxT 138 | DocProject/Help/*.HxC 139 | DocProject/Help/*.hhc 140 | DocProject/Help/*.hhk 141 | DocProject/Help/*.hhp 142 | DocProject/Help/Html2 143 | DocProject/Help/html 144 | 145 | # Click-Once directory 146 | publish/ 147 | 148 | # Publish Web Output 149 | *.[Pp]ublish.xml 150 | *.azurePubxml 151 | # TODO: Comment the next line if you want to checkin your web deploy settings 152 | # but database connection strings (with potential passwords) will be unencrypted 153 | *.pubxml 154 | *.publishproj 155 | 156 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 157 | # checkin your Azure Web App publish settings, but sensitive information contained 158 | # in these scripts will be unencrypted 159 | PublishScripts/ 160 | 161 | # NuGet Packages 162 | *.nupkg 163 | # The packages folder can be ignored because of Package Restore 164 | **/packages/* 165 | # except build/, which is used as an MSBuild target. 166 | !**/packages/build/ 167 | # Uncomment if necessary however generally it will be regenerated when needed 168 | #!**/packages/repositories.config 169 | # NuGet v3's project.json files produces more ignorable files 170 | *.nuget.props 171 | *.nuget.targets 172 | 173 | # Microsoft Azure Build Output 174 | csx/ 175 | *.build.csdef 176 | 177 | # Microsoft Azure Emulator 178 | ecf/ 179 | rcf/ 180 | 181 | # Windows Store app package directories and files 182 | AppPackages/ 183 | BundleArtifacts/ 184 | Package.StoreAssociation.xml 185 | _pkginfo.txt 186 | 187 | # Visual Studio cache files 188 | # files ending in .cache can be ignored 189 | *.[Cc]ache 190 | # but keep track of directories ending in .cache 191 | !*.[Cc]ache/ 192 | 193 | # Others 194 | ClientBin/ 195 | ~$* 196 | *~ 197 | *.dbmdl 198 | *.dbproj.schemaview 199 | *.jfm 200 | *.pfx 201 | *.publishsettings 202 | orleans.codegen.cs 203 | 204 | # Since there are multiple workflows, uncomment next line to ignore bower_components 205 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 206 | #bower_components/ 207 | 208 | # RIA/Silverlight projects 209 | Generated_Code/ 210 | 211 | # Backup & report files from converting an old project file 212 | # to a newer Visual Studio version. Backup files are not needed, 213 | # because we have git ;-) 214 | _UpgradeReport_Files/ 215 | Backup*/ 216 | UpgradeLog*.XML 217 | UpgradeLog*.htm 218 | 219 | # SQL Server files 220 | *.mdf 221 | *.ldf 222 | *.ndf 223 | 224 | # Business Intelligence projects 225 | *.rdl.data 226 | *.bim.layout 227 | *.bim_*.settings 228 | 229 | # Microsoft Fakes 230 | FakesAssemblies/ 231 | 232 | # GhostDoc plugin setting file 233 | *.GhostDoc.xml 234 | 235 | # Node.js Tools for Visual Studio 236 | .ntvs_analysis.dat 237 | node_modules/ 238 | 239 | # Typescript v1 declaration files 240 | typings/ 241 | 242 | # Visual Studio 6 build log 243 | *.plg 244 | 245 | # Visual Studio 6 workspace options file 246 | *.opt 247 | 248 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 249 | *.vbw 250 | 251 | # Visual Studio LightSwitch build output 252 | **/*.HTMLClient/GeneratedArtifacts 253 | **/*.DesktopClient/GeneratedArtifacts 254 | **/*.DesktopClient/ModelManifest.xml 255 | **/*.Server/GeneratedArtifacts 256 | **/*.Server/ModelManifest.xml 257 | _Pvt_Extensions 258 | 259 | # Paket dependency manager 260 | .paket/paket.exe 261 | paket-files/ 262 | 263 | # FAKE - F# Make 264 | .fake/ 265 | 266 | # JetBrains Rider 267 | .idea/ 268 | *.sln.iml 269 | 270 | # CodeRush 271 | .cr/ 272 | 273 | # Python Tools for Visual Studio (PTVS) 274 | __pycache__/ 275 | *.pyc 276 | 277 | # Cake - Uncomment if you are using it 278 | # tools/** 279 | # !tools/packages.config 280 | 281 | # Telerik's JustMock configuration file 282 | *.jmconfig 283 | 284 | # BizTalk build output 285 | *.btp.cs 286 | *.btm.cs 287 | *.odx.cs 288 | *.xsd.cs 289 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | # Contributing 3 | 4 | This project welcomes contributions and suggestions. Most contributions require you to agree to a 5 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us 6 | the rights to use your contribution. For details, visit https://cla.microsoft.com. 7 | 8 | When you submit a pull request, a CLA-bot will automatically determine whether you need to provide 9 | a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions 10 | provided by the bot. You will only need to do this once across all repos using our CLA. 11 | 12 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 13 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 14 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 15 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Microsoft Corporation. All rights reserved. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Outlook Add-in: Token Viewer 2 | 3 | This sample add-in demonstrates how to retrieve and parse the various tokens available to an Outlook add-in, including: 4 | 5 | - The [Exchange user identity token](https://docs.microsoft.com/en-us/outlook/add-ins/inside-the-identity-token) 6 | - The [callback tokens](https://dev.office.com/reference/add-ins/outlook/1.5/Office.context.mailbox?product=outlook) used for making EWS or REST calls 7 | - The [single-sign-on token](https://docs.microsoft.com/en-us/outlook/add-ins/authenticate-a-user-with-an-sso-token) 8 | 9 | ## Key components 10 | 11 | This sample includes two main parts, the add-in that retrieves and displays the tokens, and the back-end Web API that does validation of the Exchange user-identity token. 12 | 13 | ### Add-in 14 | 15 | The add-in is contained in the [TokenValidationService/Add-in](TokenValidationService/Add-in) folder. 16 | 17 | ### Web API 18 | 19 | The Web API is implemented in the **TokenValidationService** project. 20 | 21 | ## Configure the sample 22 | 23 | ### Register the add-in 24 | 25 | Because this sample retrieves an SSO token, you must register the add-in in the [Application Registration Portal](https://apps.dev.microsoft.com/) to get an app ID and secret. 26 | 27 | 1. Register an app using the instructions at https://docs.microsoft.com/outlook/add-ins/authenticate-a-user-with-an-sso-token#registering-your-add-in. You do not need to register a Web app unless you intend to modify this sample to call Microsoft Graph. 28 | 1. Open the add-in manifest [manifest-outlook-token-viewer.xml](TokenValidationService/Add-in/manifest-outlook-token-viewer.xml). 29 | 1. Replace all instances of `YOUR_APP_ID` in the manifest with the app ID generated in your app registration. 30 | 1. Update the `` element in the manifest to reflect the permissions you configured in the **Microsoft Graph Permissions** section of your app registration. 31 | 1. Open the [Web.config](TokenValidationService/Web.config) file and replace all instances of `YOUR_APP_ID` in the manifest with the app ID generated in your app registration. 32 | 33 | ### Provide user consent 34 | 35 | Because you will sideload this add-in, you need to provide user consent to enable the SSO flow. Follow the instructions at https://docs.microsoft.com/outlook/add-ins/authenticate-a-user-with-an-sso-token#providing-consent-when-sideloading-an-add-in to provide consent. 36 | 37 | ## Run the sample 38 | 39 | ### Sideload the add-in 40 | 41 | Follow the instructions at https://docs.microsoft.com/outlook/add-ins/sideload-outlook-add-ins-for-testing to sideload [manifest-outlook-token-viewer.xml](TokenValidationService/Add-in/manifest-outlook-token-viewer.xml). 42 | 43 | > **Note:** This step only needs to be done once *unless* you modify the manifest. If you modify the manifest, you need to remove the add-in, then sideload the updated manifest. 44 | 45 | ### Run the project 46 | 47 | Open **TokenValidationService.sln** in Visual Studio and press **F5** to debug the project. Select a message in Outlook and use the add-in buttons to view the tokens or validate the identity token. 48 | 49 | ## Copyright 50 | 51 | Copyright (c) Microsoft. All rights reserved. 52 | 53 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 54 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Security 4 | 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/). 6 | 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below. 8 | 9 | ## Reporting Security Issues 10 | 11 | **Please do not report security vulnerabilities through public GitHub issues.** 12 | 13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report). 14 | 15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey). 16 | 17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 18 | 19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: 20 | 21 | * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) 22 | * Full paths of source file(s) related to the manifestation of the issue 23 | * The location of the affected source code (tag/branch/commit or direct URL) 24 | * Any special configuration required to reproduce the issue 25 | * Step-by-step instructions to reproduce the issue 26 | * Proof-of-concept or exploit code (if possible) 27 | * Impact of the issue, including how an attacker might exploit the issue 28 | 29 | This information will help us triage your report more quickly. 30 | 31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd). 40 | 41 | 42 | -------------------------------------------------------------------------------- /TokenValidationService.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.26730.15 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TokenValidationService", "TokenValidationService\TokenValidationService.csproj", "{F748E632-A65F-43BB-A02D-D2E3ADA73BB2}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {F748E632-A65F-43BB-A02D-D2E3ADA73BB2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {F748E632-A65F-43BB-A02D-D2E3ADA73BB2}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {F748E632-A65F-43BB-A02D-D2E3ADA73BB2}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {F748E632-A65F-43BB-A02D-D2E3ADA73BB2}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {95125511-39AF-448E-A928-9D306DB47BAF} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /TokenValidationService/Add-in/Dialog/Dialog.css: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. */ 2 | #status-valid, #status-invalid, #unique-id, #validation-message { 3 | display: none; 4 | } 5 | 6 | #validation-status, #unique-id { 7 | padding-bottom: 10px; 8 | } 9 | 10 | #validation-message { 11 | padding-top: 10px; 12 | } 13 | 14 | pre { 15 | background-color: #f8f8f8; 16 | border: 1px solid #ccc; 17 | padding: 6px 10px; 18 | word-wrap: break-word; 19 | white-space: pre-wrap; 20 | } -------------------------------------------------------------------------------- /TokenValidationService/Add-in/Dialog/Dialog.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 |

Validation Results

22 |
RESULT: VALIDINVALID
23 |
24 | Unique user ID: 25 |
26 |
27 |

Validation Details

28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 |
Validation CheckStatus
Signature
Audience
Issuer
Lifetime
Version
58 |
59 |

Validation message

60 |
61 |
62 |
63 | 64 | -------------------------------------------------------------------------------- /TokenValidationService/Add-in/Dialog/Dialog.js: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. 2 | $(document).ready(function(){ 3 | 4 | // Check is valid 5 | var isValid = getParameterByName("IsValid"); 6 | if (isValid === "true") { 7 | $("#status-valid").show(); 8 | } else { 9 | $("#status-invalid").show(); 10 | } 11 | 12 | // Check user ID 13 | var userId = getParameterByName("ComputedUserId"); 14 | if (userId) { 15 | $("#userid").text(userId); 16 | $("#unique-id").show(); 17 | } 18 | 19 | // Check signature result 20 | var sigResult = getParameterByName("SignatureResult"); 21 | generateIcon(sigResult, $("#signature-result")); 22 | 23 | // Check audience result 24 | var audResult = getParameterByName("AudienceResult"); 25 | generateIcon(audResult, $("#audience-result")); 26 | 27 | // Check lifetime result 28 | var lifeResult = getParameterByName("LifetimeResult"); 29 | generateIcon(lifeResult, $("#lifetime-result")); 30 | 31 | // Check version result (only for ID token) 32 | var verResult = getParameterByName("VersionResult"); 33 | if (verResult) { 34 | generateIcon(verResult, $("#version-result")); 35 | } else { 36 | $("#ver-row").hide(); 37 | } 38 | 39 | // Check issuer result (only for SSO token) 40 | var issResult = getParameterByName("IssuerResult"); 41 | if (issResult) { 42 | generateIcon(issResult, $("#issuer-result")); 43 | } else { 44 | $("#iss-row").hide(); 45 | } 46 | 47 | // Check for message 48 | var message = getParameterByName("Message"); 49 | if (message) { 50 | $("#message").text(message); 51 | $("#validation-message").show(); 52 | } 53 | }); 54 | 55 | function generateIcon(status, parent) { 56 | var iconClass = "ms-Icon--Warning"; 57 | var iconColor = "ms=fontColor-warning"; 58 | 59 | if (status === "passed") { 60 | iconClass = "ms-Icon--CheckMark"; 61 | iconColor = "ms-fontColor-success"; 62 | } else if (status === "failed") { 63 | iconClass = "ms-Icon--Error"; 64 | iconColor = "ms-fontColor-error"; 65 | } 66 | 67 | parent.addClass(iconColor); 68 | 69 | $("") 70 | .addClass("ms-Icon") 71 | .addClass(iconClass) 72 | .attr("title", status) 73 | .appendTo(parent); 74 | } 75 | 76 | function getParameterByName(name, url) { 77 | if (!url) { 78 | url = window.location.href; 79 | } 80 | 81 | name = name.replace(/[\[\]]/g, "\\$&"); 82 | 83 | var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"), 84 | results = regex.exec(url); 85 | if (!results) return null; 86 | if (!results[2]) return ''; 87 | 88 | return decodeURIComponent(results[2].replace(/\+/g, " ")); 89 | } -------------------------------------------------------------------------------- /TokenValidationService/Add-in/FunctionFile/Functions.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 16 | 17 | -------------------------------------------------------------------------------- /TokenValidationService/Add-in/FunctionFile/Functions.js: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. 2 | 3 | Office.initialize = function () { 4 | }; 5 | 6 | function showMessage(message, icon, event) { 7 | Office.context.mailbox.item.notificationMessages.replaceAsync('msg', { 8 | type: 'informationalMessage', 9 | icon: icon, 10 | message: message, 11 | persistent: false 12 | }, function(result){ 13 | event.completed(); 14 | }); 15 | } 16 | 17 | function reportError(errorMessage, event) { 18 | Office.context.mailbox.item.notificationMessages.replaceAsync('error', { 19 | type: "errorMessage", 20 | message: errorMessage 21 | }, function (result) { 22 | event.completed(); 23 | }) 24 | } 25 | 26 | function showDialog(data, event) { 27 | // Convert the JSON validation data to query params 28 | var query = $.param(data); 29 | var dialogUrl = "https://localhost:44359/add-in/dialog/dialog.html?" + query; 30 | Office.context.ui.displayDialogAsync(dialogUrl, {displayInIframe: true}); 31 | event.completed(); 32 | } 33 | 34 | function validateIdToken(event) { 35 | Office.context.mailbox.getUserIdentityTokenAsync(function(result) { 36 | if (result.status == "succeeded") { 37 | var idToken = result.value; 38 | 39 | // Send token to validation service 40 | $.ajax({ 41 | type: "POST", 42 | url: "/api/validateexchangetoken", 43 | data: JSON.stringify(idToken), 44 | contentType: "application/json; charset=utf-8" 45 | }).done(function (data) { 46 | // Display dialog with validation results 47 | showDialog(data, event); 48 | }).fail(function (error) { 49 | reportError("Error validating ID token: " + error.status, event); 50 | }); 51 | } else { 52 | reportError("Error retrieving ID token: " + result.error.message, event); 53 | } 54 | }); 55 | } 56 | 57 | function validateSsoToken(event) { 58 | if (Office.context.auth && Office.context.auth.getAccessTokenAsync !== undefined){ 59 | 60 | } else { 61 | reportError("Client does not support SSO token", event); 62 | } 63 | Office.context.auth.getAccessTokenAsync(function(result) { 64 | if (result.status == "succeeded") { 65 | var ssoToken = result.value; 66 | 67 | // Send token to validation service 68 | $.ajax({ 69 | type: "POST", 70 | url: "/api/validatessotoken", 71 | data: JSON.stringify(ssoToken), 72 | contentType: "application/json; charset=utf-8" 73 | }).done(function (data) { 74 | // Display dialog with validation results 75 | showDialog(data, event); 76 | }).fail(function (error) { 77 | reportError("Error validating SSO token: " + error.status, event); 78 | }); 79 | } else { 80 | reportError("Error retrieving SSO token: " + result.error.message, event); 81 | } 82 | }); 83 | } -------------------------------------------------------------------------------- /TokenValidationService/Add-in/TaskPane/TaskPane.css: -------------------------------------------------------------------------------- 1 | /* Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. */ 2 | pre { 3 | background-color: #f8f8f8; 4 | border: 1px solid #ccc; 5 | padding: 6px 10px; 6 | word-wrap: break-word; 7 | white-space: pre-wrap; 8 | } 9 | 10 | #error-box { 11 | border: 1px solid; 12 | padding: 10px; 13 | } -------------------------------------------------------------------------------- /TokenValidationService/Add-in/TaskPane/TaskPane.html: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 |
23 |

Exchange Identity Token

24 |
25 |
26 | Parse token 27 | 28 | 32 |
33 | 
Loading...
34 |
35 | 36 |

EWS Callback Token

37 |
38 |
39 | Parse token 40 | 41 | 45 |
46 | 
Loading...
47 |
48 | 49 | 50 |

REST Callback Token

51 |
52 |
53 | Parse token 54 | 55 | 59 |
60 | 
Loading...
61 |
62 | 63 |

SSO Graph Token

64 |
65 |
66 | Parse token 67 | 68 | 72 |
73 | 
Loading...
74 |
75 | 76 |
77 |
78 | 79 | -------------------------------------------------------------------------------- /TokenValidationService/Add-in/TaskPane/TaskPane.js: -------------------------------------------------------------------------------- 1 | // Copyright (c) Microsoft. All rights reserved. Licensed under the MIT license. See LICENSE in the project root for license information. 2 | (function(){ 3 | "use strict"; 4 | 5 | var restCallbackSupported = false; 6 | var idToken = ""; 7 | var ewsToken = ""; 8 | var restToken = ""; 9 | var ssoToken = ""; 10 | 11 | // The Office initialize function must be run each time a new page is loaded 12 | Office.initialize = function(reason){ 13 | $(document).ready(function(){ 14 | var ToggleElements = document.querySelectorAll(".ms-Toggle"); 15 | for(var i = 0; i < ToggleElements.length; i++) { 16 | new fabric["Toggle"](ToggleElements[i]); 17 | } 18 | 19 | $("#parse-id-token-toggle").click(function() { 20 | showIdToken($("#parse-id-token-toggle").is(":checked")); 21 | }); 22 | 23 | $("#parse-ews-token-toggle").click(function() { 24 | showEwsToken($("#parse-ews-token-toggle").is(":checked")); 25 | }); 26 | 27 | $("#parse-rest-token-toggle").click(function() { 28 | showRestToken($("#parse-rest-token-toggle").is(":checked")); 29 | }); 30 | 31 | $("#parse-sso-token-toggle").click(function() { 32 | showSsoToken($("#parse-sso-token-toggle").is(":checked")); 33 | }); 34 | 35 | if (Office.context.mailbox.restUrl !== undefined) { 36 | restCallbackSupported = true; 37 | } 38 | 39 | getTokens(); 40 | }); 41 | }; 42 | 43 | // Displays the callback token for the current item 44 | function getTokens(){ 45 | // Identity token 46 | Office.context.mailbox.getUserIdentityTokenAsync(function(result) { 47 | if (result.status == "succeeded") { 48 | idToken = result.value; 49 | showIdToken($("parse-id-token-toggle").is(":checked")); 50 | } else { 51 | reportError("id-token", result.error); 52 | } 53 | }); 54 | 55 | // EWS token 56 | Office.context.mailbox.getCallbackTokenAsync(function(result) { 57 | if (result.status == "succeeded") { 58 | ewsToken = result.value; 59 | showEwsToken($("#parse-ews-token-toggle").is(":checked")); 60 | } 61 | else { 62 | reportError("ews-token", result.error); 63 | } 64 | }); 65 | 66 | // REST token 67 | if (restCallbackSupported) { 68 | // Get the REST token 69 | Office.context.mailbox.getCallbackTokenAsync( 70 | {isRest: true}, function (result) { 71 | if (result.status == "succeeded") { 72 | restToken = result.value; 73 | showRestToken($("#parse-rest-token-toggle").is(":checked")); 74 | } 75 | else { 76 | reportError("rest-token", result.error); 77 | } 78 | } 79 | ); 80 | } else { 81 | reportWarning("rest-token", "REST callback token not supported by client"); 82 | } 83 | 84 | // Get SSO token 85 | if (Office.context.auth && Office.context.auth.getAccessTokenAsync !== undefined) { 86 | Office.context.auth.getAccessTokenAsync(function (result){ 87 | if (result.status == "succeeded") { 88 | ssoToken = result.value; 89 | showSsoToken($("#parse-sso-token-toggle").is(":checked")) 90 | } else{ 91 | reportError("sso-token", result.error); 92 | } 93 | }); 94 | } else { 95 | reportWarning("sso-token", "SSO token is not supported by client"); 96 | } 97 | } 98 | 99 | function reportError(target, errorMsg) { 100 | $("#" + target).text(JSON.stringify(errorMsg, null, 2)); 101 | $("#" + target).parent().addClass("ms-bgColor-error"); 102 | $("#" + target).parent().siblings(".ms-Toggle").hide(); 103 | } 104 | 105 | function reportWarning(target, warningMsg) { 106 | $("#" + target).text(JSON.stringify(warningMsg, null, 2)); 107 | $("#" + target).parent().addClass("ms-bgColor-warning"); 108 | $("#" + target).parent().siblings(".ms-Toggle").hide(); 109 | } 110 | 111 | function showIdToken(parseToken) { 112 | if (parseToken) { 113 | $("#id-token").text(JSON.stringify(decodeToken(idToken), null, 2)); 114 | } else { 115 | $("#id-token").text(idToken); 116 | } 117 | } 118 | 119 | function showEwsToken(parseToken) { 120 | if (parseToken) { 121 | $("#ews-token").text(JSON.stringify(decodeToken(ewsToken), null, 2)); 122 | } else { 123 | $("#ews-token").text(ewsToken); 124 | } 125 | } 126 | 127 | function showRestToken(parseToken) { 128 | if (parseToken) { 129 | $("#rest-token").text(JSON.stringify(decodeToken(restToken), null, 2)).show(); 130 | } else { 131 | $("#rest-token").text(restToken).show(); 132 | } 133 | } 134 | 135 | function showSsoToken(parseToken) { 136 | if (parseToken) { 137 | $("#sso-token").text(JSON.stringify(decodeToken(ssoToken), null, 2)).show(); 138 | } else { 139 | $("#sso-token").text(ssoToken).show(); 140 | } 141 | } 142 | })(); -------------------------------------------------------------------------------- /TokenValidationService/Add-in/images/close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/Outlook-Add-In-Token-Viewer/2cc7d155133aaeecca2328454cfa2e9e8eaecd07/TokenValidationService/Add-in/images/close.png -------------------------------------------------------------------------------- /TokenValidationService/Add-in/images/hi-res-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/Outlook-Add-In-Token-Viewer/2cc7d155133aaeecca2328454cfa2e9e8eaecd07/TokenValidationService/Add-in/images/hi-res-icon.png -------------------------------------------------------------------------------- /TokenValidationService/Add-in/images/icon-16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/Outlook-Add-In-Token-Viewer/2cc7d155133aaeecca2328454cfa2e9e8eaecd07/TokenValidationService/Add-in/images/icon-16.png -------------------------------------------------------------------------------- /TokenValidationService/Add-in/images/icon-32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/Outlook-Add-In-Token-Viewer/2cc7d155133aaeecca2328454cfa2e9e8eaecd07/TokenValidationService/Add-in/images/icon-32.png -------------------------------------------------------------------------------- /TokenValidationService/Add-in/images/icon-80.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OfficeDev/Outlook-Add-In-Token-Viewer/2cc7d155133aaeecca2328454cfa2e9e8eaecd07/TokenValidationService/Add-in/images/icon-80.png -------------------------------------------------------------------------------- /TokenValidationService/Add-in/jsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "ES5", 4 | "module": "commonjs" 5 | } 6 | } -------------------------------------------------------------------------------- /TokenValidationService/Add-in/manifest-outlook-token-viewer.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 8 | baad3e9f-66ec-4f6e-a567-23e467df0502 9 | 1.0.0.0 10 | Outlook Dev Center 11 | en-US 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 |
25 | 26 | 27 | 250 28 | 29 |
30 | 31 | ReadWriteMailbox 32 | 33 | 34 | 35 | 36 | false 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 |