This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 97%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Hello,
I want to connect to the Outlook Calendar API to read, create, update, and delete events. For this, I need to ask the user for consent.
The first thing I'm doing is to generate the login URL like this:
const msalConfig = {
auth: {
clientId: process.env.OUTLOOK_CLIENT_ID,
authority: `https://login.microsoftonline.com/${process.env.OUTLOOK_TENANT_ID}`,
redirectUri: process.env.REDIRECT_URL_DEVELOPMENT,
},
};
const pca = new PublicClientApplication(msalConfig);
const ccaConfig = {
auth: {
clientId: process.env.OUTLOOK_CLIENT_ID,
authority: `https://login.microsoftonline.com/${process.env.OUTLOOK_TENANT_ID}`,
clientSecret: process.env.OUTLOOK_CLIENT_SECRET_VALUE,
},
};
const cca = new ConfidentialClientApplication(ccaConfig);
const scopes = process.env.OUTLOOK_SCOPES || 'https://graph.microsoft.com/.default';
const authCodeUrlParameters = {
scopes: scopes.split(','),
redirectUri: process.env.REDIRECT_URL_DEVELOPMENT,
};
const url = await pca.getAuthCodeUrl(authCodeUrlParameters);
return url;
Then, I redirect the user to the URL link that I generated. After the user grants consent, I get a code to use to get the Access Token.
So this is the code I'm using to get the Access Token:
const scopes = process.env.OUTLOOK_SCOPES || 'https://graph.microsoft.com/.default';
const tokenRequest = {
code: req.body.code,
scopes: scopes.split(','),
redirectUri: process.env.REDIRECT_URL_DEVELOPMENT,
};
let result;
try {
result = await pca.acquireTokenByCode(tokenRequest);
//accessToken
console.log(result.accessToken);
} catch (e) {
console.log(e.message);
}
So here I'm getting an error of: "invalid_client: The request body must contain the following parameter: 'client_assertion' or 'client_secret'."
Then, I tried to add the 'client_secret' to the tokenRequest, but I still got the same error.
Why am I getting this error and how can I fix it?
Hope someone can help!
Hi @Nofar
Try enabling public client flow for your app:
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Hi,
Thanks for your answer.
I already did it, but it is not working. The error I mentioned in the previous message occurred after I enabled public client flow.
I also tried to exchange the authorization code for an access token in a different way instead of using this:
const scopes = process.env.OUTLOOK_SCOPES || 'https://graph.microsoft.com/.default';
const tokenRequest = {
code: req.body.code,
scopes: scopes.split(','),
redirectUri: process.env.REDIRECT_URL_DEVELOPMENT,
};
let result;
try {
result = await pca.acquireTokenByCode(tokenRequest);
//accessToken
console.log(result.accessToken);
} catch (e) {
console.log(e.message);
}
I tried this way:
const response = await fetch(`https://login.microsoftonline.com/${process.env.OUTLOOK_TENANT_ID}/oauth2/v2.0/token`, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
client_id: process.env.OUTLOOK_CLIENT_ID,
client_secret: process.env.OUTLOOK_CLIENT_SECRET_VALUE,
code: code,
redirect_uri: process.env.REDIRECT_URL_DEVELOPMENT,
grant_type: 'authorization_code',
scope: 'https://graph.microsoft.com/Calendars.ReadWrite offline_access'
})
});
const data = await response.json();
console.log(data);
This way I did get the "access_token" and the "refresh_token" but then I wanted to get all the events from the calendar but I got a 401 error without an error message in this code:
const client = Client.init({
authProvider: (done) => {
done(null, data.access_token);
},
});
try {
const events = await client.api('/me/calendar').get();
console.log(events);
} catch (e) {
console.log(e.message);
}
I can't understand what am I doing wrong?
You mean, it will cause 401 errors when you call the /me/carendar/events API?
const events = await client.api('/me/calendar/events').get();
console.log(events);
Yes exactly. After calling the /me/calendar/events API, I'm getting a 401 error with no error message:
try {
const events = await client.api('/me/calendar/events').get();
console.log(events);
} catch (e) {
console.log(e);
}
Yes exactly. After calling the /me/calendar/events API, I'm getting a 401 error with no error message:
try {
const events = await client.api('/me/calendar/events').get();
console.log(events);
} catch (e) {
console.log(e.message);
}
Can you use jwt.ms to decode your access token and share screenshots?
Here is a screenshot from my decode access token: