Cant get users events from their calendar (Graph API)

admin 41 Reputation points
2023-02-07T23:02:43.5633333+00:00

I have an app registered in AAD with permission added . For authentication I use OAuth 2.0 authorization code flow. Everything worked perfectly well when calling Graph API until I need for admin purpose to get users calendars events , calling :
GET /users/{id | userPrincipalName}/events or
GET /users/{id | userPrincipalName}/calendar/events.
After getting an error and reading some documentation and found out that I need to add some application permission in my app registration in AAD, what I did.
User's image

But still when trying to use the above endpoints I get an error : code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."
What am I missing, should I use OAuth 2.0 client credentials flow for this purpose ? If yes can I combine it with the auth code flow in one app registration somehow?

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,844 questions
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,545 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,672 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,588 questions
Accepted answer
  1. CarlZhao-MSFT 37,216 Reputation points
    2023-02-08T07:26:47.8166667+00:00

    Hi admin

    According to the documentation:

    There are two scenarios where an app can get events in another user's calendar:

    • If the app has application permissions, or,
    • If the app has the appropriate delegated permissions from one user, and another user has shared a calendar with that user, or, has given delegated access to that user. See details and an example.

    So, if you are using auth code flow to access other users' calendar events, make sure that the logged-in user has shared the calendar with the target user, or that the target user has granted delegated access to the logged-in user.

    If your users do not meet the above criteria, you must use the daemon-based client credentials flow to access other users' calendar events. Also, the client credentials flow cannot yet be combined with the authentication code flow.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siddharth Gautam 855 Reputation points
    2023-02-08T00:14:20.7066667+00:00

    Hello admin,

    Thanks for posting!

    Based on my observation from previous cases, I will suggest, try to remove & revoke all permission of the specific app and grant the required permissions again, then execute the Graph API.

    Please let me know if you are still facing this issue.

    You can follow the below thread as well.

    https://learn.microsoft.com/en-us/answers/questions/1161426/erroraccessdenied-message-access-is-denied-check-c

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    0 comments