Hi @Louis TONNEVY
The /.default
is a static consent that will contain all permissions that have been granted to the application in the tenant, it is usually used in daemons without user interaction. But it can't do dynamic consent, if you haven't granted the Calendars.ReadWrite
permission to the app on behalf of the organization, then when you use /.default
, that permission won't be present in the access token, which is what causes the 403.
So if you're doing dynamic consent then you can change the scope
to:
scope="Calendars.ReadWrite offline_access"
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.