Search code examples
c#microsoft-graph-apimicrosoft-graph-sdksmicrosoft-graph-calendar

Microsoft Graph list group events using Application Permission

Is there any way to get an office 365s group's events using the application credentials instead of the delegated work or school account?

I have been tasked with gathering group events from two tenants with different users and putting all these events together in a calendar so having users sign in with their account would not be feasible.

unfortunately it appears that list events does not support application permissions.

  • Delegated (work or school account) Group.Read.All, Group.ReadWrite.All
  • Delegated (personal Microsoft account) Not supported.
  • Application Not supported.

as indicated I tried this in C# console app and was successful with delegated account (user had to sign in with their office 365 credentials)

 public static async Task<Microsoft.Graph.IGroupEventsCollectionPage> GetEventsDelegate()
    {

        // Ensure client isn't null
        _ = _userClient ??
            throw new System.NullReferenceException("Graph has not been initialized for user auth");

        var events = await _userClient.Groups["88d59881-7b15-4adc-a756-5d10681cf99d"].Events
    .Request()
    .GetAsync();

        return events;
    }

this returns

event: Strategic Empathy FC 8
event: NTL Space Research & Electives Information Briefing
event: Design FC

but trying the same thing with application credential (client secret no user logon)

 public static async Task<Microsoft.Graph.IGroupEventsCollectionPage> GetEventsApplication()
    {
        EnsureGraphForAppOnlyAuth();
        // Ensure client isn't null
        _ = _appClient ??
            throw new System.NullReferenceException("Graph has not been initialized for app-only auth");

        var events = await _appClient.Groups["88d59881-7b15-4adc-a756-5d10681cf99d"].Events
    .Request()
    .GetAsync();

        return events;
    }

this throws a permission error

Error getting groups: Code: ErrorAccessDenied Message: Access is denied. Check credentials and try again. ClientRequestId: c7aa66d8-c7b4-4424-9735-9a364e40e4fa

here are my permissions

    Delegated   Read all groups Yes Granted for pf2b Group.Read.All
    Application Read all groups Yes Granted for pf2b Group.ReadWrite.All
    Delegated   Read and write all groups Yes Granted for pf2bGroup.ReadWrite.All
Application Read and write all groups Yes Granted for pf2b

so I was just wondering if there is any way around this. is there any way to get a group's events without using a delegated account?

Solution

  • Unfortunately ,there is no workaround other than having Delegated permission (work or school account) ,if you can raise a user voice for this - https://techcommunity.microsoft.com/t5/microsoft-365-developer-platform/idb-p/Microsoft365DeveloperPlatform enter image description here

    Hope I answered you question . Thanks