Fugal Junk Fugal Junk - 23 days ago 15
Node.js Question

Microsoft Graph api 403 access denied when reading other users

I'm creating an application in with angular and nodejs and I need to be able to read another user's list of events. Right now I am attempting to use "https://graph.microsoft.com/v1.0/users/otherusername@companyurl.com/events" this gives me the 403 "Access is denied. Check credentials and try again.". However, if I use "https://graph.microsoft.com/v1.0/users/myusername@companyurl.com/events" it works(as most would expect). My question is, why is it when I use outlook I can use scheduling assistant to see the events for "otherusername@companyurl.com" without being an admin but in my application I cannot see their events due to credentials?

The library I'm using to connect to microsoft graph api is https://github.com/AzureAD/azure-activedirectory-library-for-js

The delegated permissions I have set in azure are


  • View users' email address

  • Sign users in

  • Read user contacts

  • Have full access to user calendars

  • Read user calendars

  • Send mail as a user

  • Read directory data

  • Read all users' basic profiles

  • Sign in and read user profile



Application permissions (I understand these require admin)


  • Read calendars in all mailboxes



Graph api permission scopes

Any help is appreciated, thankyou.

Answer

Fugal - This is by design. You can use FindMeetingTimes API to schedule meetings with other users. This can be accomplished with just Calendar.Read permission. See http://graph.microsoft.io/en-us/docs/api-reference/beta/api/user_findmeetingtimes for more info.

For you to view another user's calendar using /events endpoint, you need a special permission (something like Calendar.Read.Shared) that we are still in the process of adding. Once we add that, you will be able to use /Events to access any calendar that another user has explicitly shared with you. But if you want to just schedule meetings, FindMeetingTimes should be sufficient.