I tried search most of today and not finding the root of my issue. I registered an app and copied the ids as needed to make calls to the Microsoft Graph API.
On making a GET call to users/xxxxxxx-f192-4758-xxxx-3f1c27ee5ef9/events, I do get back all my events in the Calendar.
But the issue is, when making a POST call to me/events using the data below:
$calendarEventData = array
(
'subject' => 'Test event in my calendar',
'start' => array
(
'dateTime' => '2020-12-22T15:14:14.524Z',
'timeZone' => 'UTC'
),
'end' => array
(
'dateTime' => '2020-12-22T17:14:14.524Z',
'timeZone' => 'UTC'
),
'body' => array
(
'content' => 'This is some hard coded body content',
'contentType' => 'text'
)
);
I get back a HTTP/1.1 403 Forbidden returned for "https://graph.microsoft.com/v1.0/me/events". I have ensure that the API permissions for Calendars.ReadWrite does exist and consent has been granted too (even redid that to seee if that makes a difference)
Please advise where I am going wrong?
Thank you
The problem may be caused by you assign the permission Calendars.ReadWrite in Application type(but not Delegated type) and you use client credential flow to do authentication. As client credential flow doesn't require you input username and password, so the access token will not contain the user information. When you request the api https://graph.microsoft.com/v1.0/me/events, the api backend don't know who is me. So it shows 403 error message.
To solve this problem, you can use the object id of "me" to replace me in your request api. Like POST https://graph.microsoft.com/v1.0/{user object id}/events.