
Microsoft Graph - Can't read/write the calendar of other users


I have a web app registered on Azure with the goal of being able to read and write the calendars of other users. To do so, I set these permissions for this app on Azure.

However, when I try to, for example, create a new event for a given user, I get an error message. Here's what I'm using:

Endpoint

https://graph.microsoft.com/v1.0/users/${requester}/calendar/events

HTTP Header

Content-Type    application/json

Request Body

{
  "subject": "${subject}",
  "body": {
    "contentType": "HTML",
    "content": "${remarks}"
  },
  "start": {
    "dateTime": "${startTime}",
    "timeZone": "${timezone}"
  },
  "end": {
    "dateTime": "${endTime}",
    "timeZone": "${timezone}"
  },
  "location": {
    "displayName": "${spaceName}",
    "locationEmailAddress": "${spaceEmail}"
  },
  "attendees": [
    {
      "emailAddress": {
        "address": "${spaceEmail}",
        "name": "${spaceName}"
      },
      "type": "resource"
    }
  ]
}

Error message

{
  "error": {
    "code": "ErrorItemNotFound",
    "message": "The specified object was not found in the store.",
    "innerError": {
      "request-id": "XXXXXXXXXXXXXXXX",
      "date": "2018-07-11T09:16:19"
    }
  }
}

Is there something I'm missing? Thanks in advance for any help!


Solution update

I managed to solve the problem by following the steps described in this link: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service


Solution

  • From your screenshot it's visible that you used an application permission (although it'd be nice to include this information in your question):

    Depending on the kind of permission you have given, you need to use the proper flow to obtain an access token (on behalf of a user or as a service). For application permissions you have to use the flow for a service, not on behalf of a user.

    You can also check your token using jwt.io and make sure its payload contains the appropriate role. If it doesn't, it's very likely you used the incorrect flow.

    Regarding its expiration time, you may have found the information about refresh tokens (for example here). Keep in mind that it applies only to rights granted on behalf of a user. For access without a user you should make sure that you know when your token is going to expire and request a new one accordingly.
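
The token check described in the answer can be done locally instead of pasting a live token into a website. This is an added example, not part of the original answer: it decodes the payload without verifying the signature (inspection only), then reports whether the token carries application permissions in `roles` or delegated ones in `scp`, and whether it is close to `exp`. The role name `Calendars.ReadWrite`, the helper names and the unsigned sample tokens are assumptions constructed for the demo.

```python
import base64
import json
import time


def decode_payload(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def diagnose(token: str, required_role: str, now=None, renew_margin: int = 300) -> dict:
    """Report which flow issued the token and whether it should be renewed."""
    claims = decode_payload(token)
    now = time.time() if now is None else now
    roles = claims.get("roles", [])         # application permissions (service flow)
    scopes = claims.get("scp", "").split()  # delegated permissions (user flow)
    if roles:
        flow = "application"
    elif scopes:
        flow = "delegated"
    else:
        flow = "none"
    seconds_left = int(claims.get("exp", 0) - now)
    return {
        "flow": flow,
        "has_required_role": required_role in roles,
        "seconds_left": seconds_left,
        # No refresh token exists for the service flow: request a new token instead.
        "renew_now": seconds_left <= renew_margin,
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the demo; not a real credential."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    app_only = make_sample_token({"roles": ["Calendars.ReadWrite"], "exp": 2000})
    delegated = make_sample_token({"scp": "Calendars.ReadWrite User.Read", "exp": 2000})
    print(diagnose(app_only, "Calendars.ReadWrite", now=1000))
    print(diagnose(delegated, "Calendars.ReadWrite", now=1900))
```

A token that reports `delegated` or `none` while the app registration holds application permissions points to the wrong flow having been used to obtain it.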