Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,447 questions
How to access resource's calendar outside my organization through EWS?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 33%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMU%3C/text%3E%3C/svg%3E)
Moin Uddin Kashif
1
Reputation point
Hello,
I have an Android application which was using Basic authentication for Microsoft 365 (username, password and URL=https://outlook.office365.com/ews/Exchange.asmx). I was using EWS to get the calendar of the signed in user to display the events from his calendar.
With new changes in the MS authentication I have to use OAuth for the authentication. I have registered my app in Azure portal and got the tenant and client IDs.
I am able to authenticate the user in my organization but how can I authenticate the user (which is not in my organization) so he can display his calendar in my app.
For example
My organization : scheduledisplay.com
Signed user : user1@scheduledisplay.com
Customer’s resource: resource1@itservices .com (which they want to use in our app to display the calendar’s events)
For the authentication I am using the information from Azure portal for my registered app
Client ID: 5666989b-xxxxxx-xxxxxx-xxxx-xxxxxxxxx
Tenant ID: scheduledisplay.com
User: user1@scheduledisplay.com
Password: xxxxxxxxx
This works fine if I use "user1@scheduledisplay.com" but if I use "user1@itservices .com" then it gave me an error "AADSTS65001: The user or administrator has not consented to use the application with ID '5666989b-xxxxxx-xxxxxx-xxxx-xxxxxxxxx' named 'Schedule display'. Send an interactive authorization request for this user and resource."
I have enabled the Delegate permission in the API permissions in Azure, but it didn't solve the problem.
What should I do?
Thanks
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,581 Reputation points Microsoft Employee2020-09-23T14:15:39.01+00:00 @Moin Uddin Kashif ,
In all probability you are facing an issue with admin consent from itservices.com tenant . The thing to start will be if you have registered your application as a single tenant or multi-tenant . If you have not registered it as multi-tenant then you would need to first register the application as multi-tenant and let the global administrator on the itservices.com tenant access this first . This will create a service principal for your multi-tenant app in their tenant . Once that is done they can go in the application and consent on behalf of the application or the global admin . Once global administrator has provided the consent for the API permissions your application is seeking not just for his user but for the whole organization, you should not see this problem. Let us know if you get a different error and we will help you further. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee2020-10-06T06:22:39.61+00:00 @Moin Uddin Kashif I wanted to follow up and know if the above response helped in answering your query. If it did, please accept the appropriate response as answer for the benefit of community. If it did not, please let us know so that we can help you further.
Sign in to comment