CODEWITHSUNDEEP
azure-active-directorymicrosoft-graph-api
Donovan Charpin
Donovan Charpin

Reputation: 3397

Access denied when fetching resource (room) calendar

I implemented msgraph where I get the resources (rooms)

/places/microsoft.graph.room

Then, for each resource, I call the endpoint to get the calendar (from the room email address)

/users/<ResourceEmail>/calendar

It works well with a client using only Microsoft 365 but for another client using Microsoft 365, Azure AD and exchange, I'm not able to get the second call retrieving the calendar, I get this error

403 Forbidden: {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}

The scopes are

"Calendars.ReadWrite",
"Place.Read.All",
"Directory.ReadWrite.All",
"User.ReadWrite.All",
"offline_access"

The account that connected through Oauth2 is admin. We tried to connect to Outlook 365 with this account and I can see the resources and the calendars. We delegated the resource to the admin in Office 365 and Azure, I really don't understand this issue as it works with a client and not the other, there is maybe a misconfiguration in the account?

Thanks!

Upvotes: 1

Views: 681

Answers (1)

ShrutiJoshi-MT
ShrutiJoshi-MT

Reputation: 1851

Try with this

1) Give the full access to to other users in Office 365. See Use the EAC to assign permissions to individual mailboxes. (you should be able to find the room under Resources. And the process can take up to hours for the changes to propagate through the system and be in effect.)

2) Add one more delegated permission: Calendars.ReadWrite.Shared .

Refer this link to know more about permissions

giving full access to other users and assign Calendars.ReadWrite.Shared delegated permission, which means the delegated users can open the mailbox of User Room and do anything except send messages (including access its data).

Upvotes: 1

Related Questions