Reputation: 307
We want to interact with Office 365 Calendar. At the moment we are calling Microsoft Graph, but we get a 401 (Unauthorized).
We are using the Microsoft.Graph library, and the typical get users call (graphServiceClient.Users.Request().GetAsync()) does work, but creating a Calendar or Event doesn't work (nor does GraphServiceClient.Me.[...].Request().GetAsync()).
We are trying this call manually; we didn't find a way to do it through the library.
And this is how we get the token (we use client authentication, not user authentication).
In desperation, we gave all the permissions to the app, but we are still getting a 401.
The token analyzed with jwt.io:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/11111111-24c0-480b-8ae3-a3ac34592a1a/",
"iat": 1541581025,
"nbf": 1541581025,
"exp": 1541584925,
"aio": "11111111111/AAAAA+115sO7D/yAwA=",
"app_displayname": "CalendarCrawler",
"appid": "11111111-efc2-4b9d-ae48-a04977183bd1",
"appidacr": "1",
"e_exp": 262800,
"idp": "https://sts.windows.net/11111111-24c0-480b-8ae3-a3ac34592a1a/",
"oid": "11111111-15f2-479c-9485-7cb9b5cce691",
"roles": [
"Chat.UpdatePolicyViolation.All",
"Calls.JoinGroupCall.All",
"EduRoster.Read.All",
"OnlineMeetings.Read.All",
"Mail.ReadWrite",
"OnlineMeetings.ReadWrite.All",
"Device.ReadWrite.All",
"User.ReadWrite.All",
"Domain.ReadWrite.All",
"Application.ReadWrite.OwnedBy",
"SecurityEvents.Read.All",
"Calendars.Read",
"EduAssignments.ReadWrite.All",
"People.Read.All",
"Application.ReadWrite.All",
"Calls.InitiateGroupCall.All",
"Group.Read.All",
"Directory.ReadWrite.All",
"EduAssignments.ReadWriteBasic.All",
"MailboxSettings.Read",
"EduAdministration.Read.All",
"Calls.JoinGroupCallAsGuest.All",
"Sites.Read.All",
"Sites.ReadWrite.All",
"Contacts.ReadWrite",
"Group.ReadWrite.All",
"Sites.Manage.All",
"SecurityEvents.ReadWrite.All",
"Notes.Read.All",
"User.Invite.All",
"EduRoster.ReadWrite.All",
"Files.ReadWrite.All",
"Directory.Read.All",
"User.Read.All",
"EduAssignments.ReadBasic.All",
"EduRoster.ReadBasic.All",
"Files.Read.All",
"Mail.Read",
"Chat.Read.All",
"ChannelMessage.Read.All",
"EduAssignments.Read.All",
"Calendars.ReadWrite",
"identityriskyuser.read.all",
"EduAdministration.ReadWrite.All",
"Mail.Send",
"ChannelMessage.UpdatePolicyViolation.All",
"MailboxSettings.ReadWrite",
"Contacts.Read",
"IdentityRiskEvent.Read.All",
"AuditLog.Read.All",
"Member.Read.Hidden",
"Calls.AccessMedia.All",
"Sites.FullControl.All",
"Reports.Read.All",
"Calls.Initiate.All",
"Notes.ReadWrite.All"
],
"sub": "11111111-15f2-479c-9485-7cb9b5cce691",
"tid": "11111111-24c0-480b-8ae3-a3ac34592a1a",
"uti": "CFOL_8eguUS2aGh5-jgOAA",
"ver": "1.0",
"xms_tcdt": 1541410090
}
Any suggestion?
Thanks in advance
[EDIT] We have posted another, clearer question; please follow "How to use Microsoft.Graph with client authorization and not get a 401".
Upvotes: 0
Views: 1423
Reputation: 24549
Based on the related API, such as the Post events API, we can see that the Calendars.ReadWrite permission is required. It also requires admin consent, so please don't forget to "Grant Permissions". If you are using an admin account then you can do that.
We are trying this call manually, we didn't find a way to do through the library.
The following code demonstrates how to get/create calendars and create an event through the library.
Note: The user must be an Office 365 account, or you will get a ResourceNotFound exception.
// Namespaces used below (ADAL for the token, Microsoft.Graph for the client)
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

string graphResourceId = "https://graph.microsoft.com/";
string authority = "https://login.microsoftonline.com/{0}";
string tenantId = "tenantId";
string clientId = "clientId"; // placeholder: application (client) id
string secret = "secret";     // placeholder: client secret
// Build the tenant-specific authority, then request an app-only token
AuthenticationContext authContext = new AuthenticationContext(string.Format(authority, tenantId));
var accessToken = authContext.AcquireTokenAsync(graphResourceId, new ClientCredential(clientId, secret)).Result.AccessToken;
var graphserviceClient = new GraphServiceClient(
    new DelegateAuthenticationProvider(
        requestMessage =>
        {
            // Attach the token to every outgoing Graph request
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
            return Task.FromResult(0);
        }));
// get calendars
var calendars = graphserviceClient.Users["userObjectId"].Calendars.Request().GetAsync().Result;
// new calendar
var calendar = graphserviceClient.Users["userObjectId"].Calendars.Request().AddAsync(
    new Calendar {
        Name = "name"
    }).Result;
// new event
var cal = graphserviceClient.Users["userObjectId"].Events.Request().AddAsync(
    new Event {
        Subject = "test",
        Start = new DateTimeTimeZone { DateTime = "2018-11-07T00:56:52.584Z", TimeZone = "UTC" },
        End = new DateTimeTimeZone { DateTime = "2018-11-07T01:56:52.584Z", TimeZone = "UTC" }
    }).Result;
Upvotes: 0
Reputation: 1706
I would try the call from Graph Explorer in the Developer portal to check if the issue is AD Permission. If you are successful then the issue is not with AD Permission but token creation.
More information: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_post_events
Upvotes: 0
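As an added example (not code from any of the posts above), the claim checks discussed in this thread can be run locally: the script decodes the token payload the way jwt.io does, without verifying the signature, and compares aud, nbf/exp and roles against what the call needs, also listing application permissions beyond that set. The function names and the sample token are constructed for illustration, and it assumes the call needs only Calendars.ReadWrite, as the first answer states.

```python
import base64
import json
import time

GRAPH_AUD = "https://graph.microsoft.com"  # "aud" value shown in the question's token

def decode_payload(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def diagnose_app_token(token, needed_roles, now=None):
    """Return findings about an app-only Graph token; an empty list means none."""
    claims = decode_payload(token)
    now = time.time() if now is None else now
    findings = []
    if str(claims.get("aud", "")).rstrip("/") != GRAPH_AUD:
        findings.append("aud is %r, not Microsoft Graph" % claims.get("aud"))
    if now < claims.get("nbf", 0):
        findings.append("token not valid yet (nbf)")
    if now >= claims.get("exp", 0):
        findings.append("token expired (exp)")
    roles = set(claims.get("roles", []))
    if not roles and "scp" in claims:
        findings.append("delegated token (scp claim), not an app-only token")
    for role in sorted(set(needed_roles) - roles):
        findings.append("missing application permission: " + role)
    for role in sorted(roles - set(needed_roles)):  # least-privilege review
        findings.append("excess application permission: " + role)
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Azure AD token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample: a few claims in the shape of the token in the question.
SAMPLE = make_sample_token({
    "aud": "https://graph.microsoft.com", "nbf": 1541581025, "exp": 1541584925,
    "roles": ["Calendars.Read", "Calendars.ReadWrite", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for line in diagnose_app_token(SAMPLE, ["Calendars.ReadWrite"], now=1541581100):
        print(line)
```

Because the signature is not checked, this is only a troubleshooting aid for tokens you obtained yourself, not a substitute for token validation in a service.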