Search code examples
azurepostmanoutlook-api

How to get outllok calendar list?


I have set up a azure app and granted all required permission to get calendar list of logged in userenter image description here

Now I am calling calendar list api from post man with all required credentials with the scope following Calendars.ReadWrite Calendars.Read Calendars.Read.Shared Calendars.ReadBasic

i am getting access token successfully

but using that token when i am calling calendar list api https://graph.microsoft.com/v1.0/me/calendars

i am getting following error

{"error":{"code":"AuthOMMissingRequiredPermissions","message":"The AadGuestPft token doesn't contain the permissions
required by the target API for calling app
'00000003-0000-0000-c000-000000000000'.","innerError":{"oAuthEventOperationId":"a244c7b2-8c6f-4c98-874c-5f8e1df48d02","oAuthEventcV":"tEIoCwoZzcePn4FTJroLdw.1.1.1","errorUrl":"https://aka.ms/autherrors#error-InvalidGrant","requestId":"71f80207-9747-4191-928c-7180601269f5","date":"2024-12-16T14:22:18"}}}

Solution

  • error:"code":"AuthOMMissingRequiredPermissions","message":"The AadGuestPft token doesn't contain the permissions required by the target API for calling app

    This error occurs usually, when a user is logged in as a guest user, As Guest users don't have Exchange Mailboxes within the resource tenant so you cannot able to fetch the Calendar data.

    User are only able to fetch the Calendar events in the root tenant where user is created.

    To resolve the error, need to generate access token using authorization_code flow, For generating code use/common/oauth2/v2.0/authorize endpoint and for generating access token /common/oauth2/v2.0/token.

    Registered Multi-Tenant Microsoft Entra ID application in resource tenant, Added Calendar.ReadWrite Delegated type API permission and Granted Admin Consent like below:

    enter image description here

    Using authorization_code flow to generate the access token.

    To get code, I ran below authorization request in browser:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
    &client_id=<AppID>
    &response_type=code
    &redirect_uri=YOUR REDIRECT URI
    &response_mode=query
    &scope=https://graph.microsoft.com/.default
    &state=12345
    

    enter image description here

    Now, generated access token using below parameters:

    GET https://login.microsoftonline.com/common/oauth2/v2.0/token
    
    client_id = <app_id>
    client_secret = <client_secret>
    grant_type=authorization_code
    scope=https://graph.microsoft.com/.default
    redirect_uri= https://jwt.ms
    code=<code>
    
    

    enter image description here

    To list the calendar events:

    GET https://graph.microsoft.com/v1.0/me/calendars
    

    enter image description here

    Reference:

    Microsoft QnA Thread by CarlZhao-MSFT