Creating an event in a user's calendar while using delegated permissions

Question

Hi,

We are trying to create an event in a user's calendar from our application using the https://graph.microsoft.com/v1.0/users/{user}/events API.
When we use an access token generated using the 'Get access without a user' (https://learn.microsoft.com/en-us/graph/auth-v2-service) flow and using application permission 'Calendars.ReadWrite' we are successfully able to create an event.
But when we use an access token generated by using the 'Get access on behalf of a user' (https://learn.microsoft.com/en-us/graph/auth-v2-user) flow with delegated permissions 'Calendars.ReadWrite' and 'Calendars.ReadWrite.Shared' we receive an error 'ErrorItemNotFound' with message 'The specified object was not found in the store.' when invoking the above mentioned Create Event API.
When we share this user's calendar with the admin that had provided consent during OAuth 2.0 flow, we were then able to create an event successfully using the same API.
Isn't it possible to create an event in a user's calendar using the above API without explicitly sharing the user's calendar when we use delegated permissions the way it is possible while using application permissions even when the user that provides consent during the OAuth 2.0 flow is an admin user?

Thanks.

Answer 1

As far as I know, Using delegated permissions, the signed in user even if an admin can only access another users calendar if the user's calendar is delegated or shared with the admin user. To be able to access calendar of an other users regardless, that means having access to all user mailboxes.

You will be better off using application permissions which will allow the app to read calendar from all users. Checkout Client Credentials Flow.