question

PrakashMotwani-4996 avatar image
0 Votes"
PrakashMotwani-4996 asked Danstan-MSFT answered

Creating an event in a user's calendar while using delegated permissions

Hi,

We are trying to create an event in a user's calendar from our application using the https://graph.microsoft.com/v1.0/users/{user}/events API.
When we use an access token generated using the 'Get access without a user' (https://docs.microsoft.com/en-us/graph/auth-v2-service) flow and using application permission 'Calendars.ReadWrite' we are successfully able to create an event.
But when we use an access token generated by using the 'Get access on behalf of a user' (https://docs.microsoft.com/en-us/graph/auth-v2-user) flow with delegated permissions 'Calendars.ReadWrite' and 'Calendars.ReadWrite.Shared' we receive an error 'ErrorItemNotFound' with message 'The specified object was not found in the store.' when invoking the above mentioned Create Event API.
When we share this user's calendar with the admin that had provided consent during OAuth 2.0 flow, we were then able to create an event successfully using the same API.
Isn't it possible to create an event in a user's calendar using the above API without explicitly sharing the user's calendar when we use delegated permissions the way it is possible while using application permissions even when the user that provides consent during the OAuth 2.0 flow is an admin user?

Thanks.

microsoft-graph-calendarmicrosoft-graph-permissions
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Danstan-MSFT avatar image
0 Votes"
Danstan-MSFT answered

As far as I know, Using delegated permissions, the signed in user even if an admin can only access another users calendar if the user's calendar is delegated or shared with the admin user. To be able to access calendar of an other users regardless, that means having access to all user mailboxes.

You will be better off using application permissions which will allow the app to read calendar from all users. Checkout Client Credentials Flow.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.