CODEWITHSUNDEEP
azureasp.net-coreazure-active-directorymicrosoft-graph-api
Paul McWalrus
Paul McWalrus

Reputation: 13

What permissions are needed to read the Azure AD users' calendar via Graph API

I need to access the calendars of Azure AD users. I do it with the code below:

var scopes = new[] { "https://graph.microsoft.com/.default" };

var tenantId = "MY_TENANT_ID";
var clientId = "APP_ID";
var clientSecret = "APP_SECRET";


var options = new TokenCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var clientSecretCredential = new ClientSecretCredential(
    tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

var user = await graphClient.Users["USER_ID"]
    .Calendar.Events
    .Request()
    .GetAsync();

As a result, I get the following error:

Status Code: Unauthorized

Microsoft.Graph.ServiceException: Code: NoPermissionsInAccessToken

Message: The token contains no permissions, or permissions can not be understood.

In Azure AD->App Registrations->API permissions I have got Calendars.Read permission, but don't have User.Read.All permission. So the question is can I get data from calendars without User.Read.All permission and if I can what am I doing wrong?

Upvotes: 1

Views: 8379

Answers (1)

Tiny Wang
Tiny Wang

Reputation: 15961

According to your code snippet, you used client credential flow to obtain the authentication and call graph api to list all calendar events for a specific user.

So you need to make your azure ad application to get Calendar.Read application permission. Without the permission then you can't call the api successfully

enter image description here

How to add application permission:

enter image description here enter image description here

Upvotes: 1

Related Questions