This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 47%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Hello everyone,
I try to access the calendar events (Graph API) of my work account via an app I registered on my personal account. As the API calls will be made from a microcontroller, I use the device auth flow to get the necessary token.
I have registered the app and added the default redirect URL ("https://login.microsoftonline.com/common/oauth2/nativeclient"). Supported account types are personal and organizational accounts. API permissions as follows:
Now I start the device auth flow: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/devicecode", log my work user into the account, granting permissions and poll the access token via "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token". The result looks like this:
{
"token_type": "Bearer",
"scope": "Calendars.Read Calendars.ReadWrite email Mail.Read Mail.ReadWrite openid profile User.Read",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0...",
"refresh_token": "OAQA..."
}
So far so nice :)
Using the access token I'm able to call the graph API and see the user account details: https://graph.microsoft.com/v1.0/me
But as soon as I try to get the current events ("https://graph.microsoft.com/v1.0/me/events") I get an error:
{
"error": {
"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be understood.",
"innerError": {
"request-id": "f391dbdf-fd8a-49c8-abd1-109d1a38ba2f",
"date": "2020-04-15T09:26:00"
}
}
}
The "funny" thing is that the very same requests works, using the Graph Explorer App. I thought that they might have blocked access at my company but why should the graph explorer app work then?
When looking into the JWT, I can see that the required scopes are there:
"scp": "Calendars.Read Calendars.ReadWrite email Mail.Read Mail.ReadWrite openid profile User.Read"
Any ideas how to resolve this? There must be somethign I forgot...
Thanks a lot!
You've to update your code to send requests to /common. EG:
GET https://login.microsoftonline.com/common/oauth2/v2.0/devicecode
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.