ClientSecretCredential authentication failed in Go Language

Question

{
  "error": "invalid_scope",
  "error_description": "AADSTS1002012: The provided value for scope Calendars.ReadWrite openid offline_access profile is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).\r\nTrace ID: 68ef8508-5045-4c13-bfb4-6cd605627700\r\nCorrelation ID: 878d6045-9f86-4c98-ac7d-f6433b96a2a4\r\nTimestamp: 2023-01-11 06:04:31Z",
  "error_codes": [
    1002012
  ],
  "timestamp": "2023-01-11 06:04:31Z",
  "trace_id": "68ef8508-5045-4c13-bfb4-6cd605627700",
  "correlation_id": "878d6045-9f86-4c98-ac7d-f6433b96a2a4"
}


finalScopes = append(finalScopes, "https://graph.microsoft.com/.default")

and 
auth, err := a.NewAzureIdentityAuthenticationProviderWithScopes(cred, []string{"Calender.ReadWrite"}) i am using but authentication get successfull.

AT THE TIME OF EVENT POST THAT ABOVE ERROR WE GET, according to me it is client error. the below code i am using wwhen i am geeting
result, err := graphClient.Me().Events().Post(context.Background(), requestBody, configuration)
	if err != nil {
		fmt.Println(err)
		return
	}

Answer 1

Hi Anupam Singh,

Thanks for reaching out.

In your application registration it's important that you assigned Application permissions not Delegate Permissions https://learn.microsoft.com/en-us/graph/permissions-reference and they need to be consented to (by and Admin) in the tenant.

To get Events from a particular user's mailbox you just need

graphClient.Users["******@tenant.onmicrosoft.com"].Events().Post(context.Background(), requestBody, configuration)

The .me() endpoint won't work when using a Service Principal (Client_Credentials Flow)

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.