I am unable to list events in a calendar via MS Graph API: calls result in "Access is denied". Switching to raw HTTP results in error 403 as well. I am able to create an event via a POST to /events endpoint, though.
This is the code I am executing:
$tenant = '<SNIP>'
$client_id = '<SNIP>'
$client_secret = '<SNIP>'
$scope = [System.Web.HttpUtility]::UrlEncode('https://graph.microsoft.com/.default')
$url = "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token"
$Body = "client_id=$client_id&scope=$scope&client_secret=$client_secret&grant_type=client_credentials"
$response = Invoke-RestMethod $url -Method Post -Body $Body -Headers @{'Content-Type'='application/x-www-form-urlencoded'}
$token = $response.access_token
Connect-MgGraph -AccessToken $token
Get-MgUserEvent -UserId '17160c5f-dd86-46cc-92b8-54d6e94861e6'
Output:
.\Calendar.ps1
Welcome To Microsoft Graph!
Get-MgUserEvent : Access is denied. Check credentials and try again.
In C:\Users\SYSTOLA-rk\Calendar.ps1:15 Zeichen:1
+ Get-MgUserEvent -UserId '17160c5f-dd86-46cc-92b8-54d6e94861e6'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ({ UserId = 1716..., Property = }:<>f__AnonymousType39`7) [Get-MgUserEvent_List1], RestException`1
+ FullyQualifiedErrorId : ErrorAccessDenied,Microsoft.Graph.PowerShell.Cmdlets.GetMgUserEvent_List1
Here are the permissions in Azure configured for the app (I lack reputation for posting images): App Permissions
The issue as we found is that the Calendars.ReadBasic.All permission was causing a conflict with the other Calendar permissions. Removing this permission resolved the error
