Microsoft Graph - GET Outlook Calendar events - 403

Nikhil Kamble 20 Reputation points
2023-01-30T06:33:31.9933333+00:00

Hi there,

Trying to access events using "Authorization code grant flow"

This is how I get the token

User's image

When adding a calendar event I can do a POST with the token and I get return 201 saying that the event is created (This is all good).

User's image

Now when I am trying to get the event for that user I get 403 "Access is denied"

User's image

User's image

I have the following permissions on the Azure portal

User's image

I do have admin consent

User's image

Although this is using Graph Explorer which uses (Client credentials grant flow) I think I can get the calendar events

User's image

Thanks in advance!

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,010 questions
0 comments No comments
{count} votes

Accepted answer
  1. Gopinath Chennamadhavuni 2,426 Reputation points
    2023-01-30T09:07:49.6133333+00:00

    Hi Nikhil Kamble

    Thanks for reaching out.

    I can reproduce your issue in my test tenant, and I have resolved this issue with below approach.

    Try to remove & revoke all permission of the specific app and grant the required permissions again, then execute the Graph API. You can find the similar post: https://learn.microsoft.com/en-us/answers/questions/1161426/erroraccessdenied-message-access-is-denied-check-c

    Please refer the link for more details: https://learn.microsoft.com/en-us/graph/api/user-list-events?view=graph-rest-1.0&tabs=csharp

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote it. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. CarlZhao-MSFT 35,266 Reputation points
    2023-01-30T10:41:02.8766667+00:00

    Hi @Nikhil Kamble

    According to the documentation:

    There are two scenarios where an app can get events in another user's calendar:

    • If the app has application permissions, or,
    • If the app has the appropriate delegated permissions from one user, and another user has shared a calendar with that user, or, has given delegated access to that user. See details and an example.

    So, if you are using auth code flow to access other users' calendar events, make sure that the logged-in user has shared the calendar with the target user, or that the target user has granted delegated access to the logged-in user.

    If you are using the client credentials flow to access other users' calendar events, then you only need to have one of the Calendars.Read or Calendars.ReadWrite application permissions.

    using Azure.Identity; 
    using Microsoft.Graph;
    using Newtonsoft.Json;
    
    
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    
    var tenantId = "{tenant id of the azure ad}";
    
    // Values from app registration
    var clientId = "YOUR_CLIENT_ID";
    var clientSecret = "YOUR_CLIENT_SECRET";
    
    // using Azure.Identity;
    var options = new TokenCredentialOptions
    {
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
    };
    
    // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
    var clientSecretCredential = new ClientSecretCredential(
        tenantId, clientId, clientSecret, options);
    
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
    
    try
    {
          var events = await graphClient.Users["
          .Request()
          .Header("Prefer", "outlook.timezone=\"Pacific Standard Time\"")
          .GetAsync();
     
          Console.WriteLine("events:" + JsonConvert.SerializeObject(events));
    
    }
    catch (Exception ex) { 
    
          Console.WriteLine(ex);
    }
    
    0 comments No comments