We are loading a base64 document from the backend and opening it in our Word-addin (using Office JS APIs). We are using application.createDocument(base64) to do so. This causes the Word application to open an entirely new window for the new document, in which the addin is closed by default.

Our add-in is login protected, so re-opening the addin requires the users to put in user/password again.

Is there a way to 1) not open a new MS-Word window (replace the word document), or 2) open a new MS-Word window with the addin already open and pass the authentication tokens from the first MS-Word to the second?

1) not open a new MS-Word window (replace the word document) For this you can use the method context.document.insertFileFromBase64(mybase64, "Replace", { importTheme: true, importStyles: true, importParagraphSpacing: true, importPageColor: true, importChangeTrackingMode: true }); await context.sync();

based on your requirements you can use this properties
importTheme: true, importStyles: true, importParagraphSpacing: true, importPageColor: true, importChangeTrackingMode: true

for more info https://learn.microsoft.com/en-us/javascript/api/word/word.body?view=word-js-preview#word-word-body-insertfilefrombase64-member(1)

2) open a new MS-Word window with the addin already open and pass the authentication tokens from the first MS-Word to the second

for this you have set custom properties in document using that you can authorized user in new instance of word and for loading adding in new instance you have to add addin in document so your bytes contains addin also for that you can refer this. https://docs.aspose.com/words/net/work-with-office-add-ins/ using aspose you can load addin in your document and convert that into bas64 so that you can achive this.