Graph - CalendarView delta with deltaToken or skipToken returns a 403 forbidden with delegate permissions

Question

Graph - CalendarView delta with deltaToken or skipToken returns a 403 forbidden with delegate permissions

Mickaël 10

Hello,

I am encountering an issue with the Microsoft Graph API when attempting to use delegate permissions, specifically Calendars.ReadWrite and Calendars.ReadWrite.Shared, to interact with calendar events. I would appreciate your insights on this matter.

Here's the problem: I am currently building a synchronization feature between our application and a user's calendar. When I make a request to the calendarView/delta endpoint using delegate permissions, it works as expected, and I can retrieve calendar events and changes successfully. However, when I try to use the $deltaToken or $skipToken parameters to paginate through the results, I consistently receive a 403 error.

This issue does not occur when I use application permissions, but due to security considerations on the client side, we must stick to delegate permissions.

Has anyone else encountered this issue or found a solution to work with Calendars.ReadWrite and Calendars.ReadWrite.Shared delegate permissions while using the $deltaToken or $skipToken parameters?

Thank you in advance for your help!

1 answer

Your answer

Answer 1

Diah.Karim-MSFT 335 Microsoft External Staff

Hi Mikael,

I tried to simulate using MS Graph Explore and able to fetch the data with $skipToken

Here are the steps:

Sign in using M365 acc and call the endpoint. You will need to add in the request Header -> Prefer : odata.maxpagesize=2 for e.g https://graph.microsoft.com/v1.0/me/calendarView/delta?startDateTime=2023-12-01&endDateTime=2024-01-25
Scroll to bottom result, and you will see the odata.nextlink. Copy the link and use it to next endpoint call to fetch the next result.

   "@odata.nextLink": "https://graph.microsoft.com/v1.0/me/calendarView/delta?$skiptoken=zlDCLFWGXWCu90TAtl8YaG0JQFQBAWaNEeCV_rhZ5db1Qgo0sa64FaBhgvtMlAvBOSx6ugWfkx7sQtdPsvCgbJQddDXwinsHFfoXEnPhExLMAQrp-gECd5DjhAxPIY63ghV4jqLuD8rnsQ638-6xGvryH4gjejGbzHd0sxljUuws-eGPUnmQDGkZLTwDNr6rsFoMM0qNAtBYJXFxI5ByzWtd5cQvm7BAOsajh6mz0Gw.23ywni6jY7MMBfLD9XzBCHK9zsO94S32urs7NZMdxeI"

Hope this helps. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Mickaël 10 Reputation points

2024-01-25T07:05:47.3166667+00:00

Hello !

Thank you for your response and the detailed steps.

While I can see that you were able to fetch data with the $skipToken parameter, my specific concern revolves around using delegate permissions such as Calendars.ReadWrite and Calendars.ReadWrite.Shared in conjunction with the $deltaToken or $skipToken parameters. I have followed similar steps to those you provided and successfully obtained results using $skipToken.

However, the challenge arises when attempting to paginate through the results using $deltaToken or $skipToken while utilizing delegate permissions . In this context, I consistently encounter a 403 error.

To provide more context, I want to highlight an interesting observation. When I use a user account that has administrative privileges (accross the Azure directory) along with delegate permissions, the requests with $deltaToken or $skipToken work as expected. However, if I create a new user account with the same delegate permissions, the requests result in a 403 error. :(

Thank you for your assistance.

Best regards
Diah.Karim-MSFT 335 Reputation points Microsoft External Staff

2024-01-26T00:49:48.8533333+00:00

Hi Mikael, Erm that's bit weird because i'm using the normal account user as per screenshot above. Can you simulate by using a new test user account and see if getting the same issue? Or maybe provide a snippet of the code used to help with additional info? Regards, Mohd Diah

Mickaël 10

Hello, Yep, but you use the /me/calendarView endpoint, while I'm using users/{resourceEmail}/calendars/{calendarId}/calendarView in order to get events from a resource calendar instead of my own. I use the Java SDK, with the following snippets :

// This use an custom AuthenticationProvider with a known token
GraphServiceClient<Request> graphService = this.getService();

// Get CalendarRequestBuilder for a specific resource
CalendarRequestBuilder crb = graphService.users("accountId").calendars("calendarId");

// Get DeltaRequest
EventDeltaCollectionRequest deltaRequest = crb.calendarView().delta().buildRequest();

deltaRequest.deltaToken("syncToken");

// The following line returns a 403 Forbidden
deltaRequest.get();

Mickaël 10 Reputation points

2024-01-26T10:36:29.1433333+00:00

--- Duplicate, sorry, I did not see my initial answer

Share via

Graph - CalendarView delta with deltaToken or skipToken returns a 403 forbidden with delegate permissions

1 answer

Your answer