microsoft graph get access token that can be use to get user's calender

Question

My main purpose is to get User's calender by single admin access token. i am trying to get access token by following these steps.

URL :https://login.microsoftonline.com/{tenentId}/oauth2/v2.0/token Body client_id:client_ID scope:https://graph.microsoft.com/.default client_secret:client_secretID grant_type:client_credentials

this give me an access token but when i try to use this token to get the users data from this url https://graph.microsoft.com/v1.0/users i got this error

{ "error": { "code": "Authorization_RequestDenied", "message": "Insufficient privileges to complete the operation.", "innerError": { "date": "2021-04-20T11:13:13", "request-id": "66d3af76-xxxx-xxxx-xxxx-c39e7xxxxxx", "client-request-id": "66d3af76-xxxx-xxxx-xxxx-c39exxxxxx" } } } }

i have enabled all the permission required in my Azure app

Answer 1

Here you are using the App Context flow where you would be getting App token. Here you need to specify the Application permissions 'User.Read.All' in Azure AD App to work. Make sure you have granted admin consent for this permission. Then you would see that permission in the token and it allows you to get users from /users.

If you don't see the above grant admin consent button then you are not the global admin so you should as your admin to grant consent to this permission.