I have an app that requires a user to provide access to their calendar to use a specific feature.
The permission I specifically ask for is -
"calendars.readwrite"
Some of the users have an issue with this and are requesting a solution so that my app can only access those specific events where the attendees are the employees of their company. Is there a permission level solution Microsoft provides for this?
If you want to restrict the calendar events/range then you can use calendarview, but it won't let you what you look for - such as granularity permission (say, calendars.readwrite) or inbuilt functionality doesn't exist at this point with Graph API. If you want Microsoft to implement that feature then consider filing a feature request/uservoice or upvote the existing one.
Related
I am trying to read a person's Out of Office text with MSGraph. I understand the only way to do this is by getting the person's mailbox settings as indicated here.
Is there another way to read a person's Out of Office Message?
Assuming there is no other way I then have read for example in this link that to call GET /users/{id|userPrincipalName}/mailboxSettings you need to have Application Permissions for MailboxSettings.Read, MailboxSettings.ReadWrite. Is this still the case? It does not make sense to me that you need Application level permissions. Is there not a delegated (admin consent required) MailboxSettings.Read.All??? The problem is that most IT departments will be hesitant (or pigs are going to fly before some IT departments) give an application this permission to run without a signed in user.
Alternatively, I see that there is a User property of mailboxsettings, thus using the $select query parameter you can call this https://graph.microsoft.com/v1.0/users/{id}?$select=mailboxSettings does or should this work with the User.Read.All.
UPDATE in accordance with the suggestion below I have added 2 suggestions to the MSGraph user voice.
A person's out of office information should be included with their calendar / freebusy (getschedule) information.
There should be a Mailboxsettings.Read.All permission.
Please click on the link and vote them up if you agree.
No, there is no MailboxSettings.Read.All or MailboxSettings.Read.Shared. You can see the list at https://learn.microsoft.com/graph/permissions-reference#mail-permissions. I encourage you to request this as a feature at https://microsoftgraph.uservoice.com.
One possible approach given the currently available permissions around this API is to use app permissions and configure an app access policy to limit the mailboxes it can access - if that's the concern you're mentioning. I'm not clear on why it would be preferable to give a user account access to this info for all mailboxes in an org but not an app service principal.
It isn't included as part of User.Read.All by design. It's not really a property on the user, it's config stored in the mailbox. It's abstracted as a property in Graph, but it requires additional permissions to access.
Scenarios for accessing the Calendar usually involve the user signing in and granting consent to give delegated permissions. This seems to apply to both Office 365 and Graph APIs.
I have seen solutions here for accessing Calendar without UI, but it involves storing the username and password which is less than desired. The other option is using the Graph API with application permission - unfortunately, the Calendars.ReadWrite permission is for all users: "Read and write calendars in all mailboxes". It's unlikely I can get this access granted by an admin as I work in a large company, not to mention I simply don't need that much access.
So my question is, is there any way to get application permission (or any other way to access outlook calendar without UI) for only a handful of users?
You can use scoping https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/auth-limit-mailbox-access.md which allows application permissions to be limited to a subset of user. What type of application are you actually trying to create ? Something like getSchedule https://learn.microsoft.com/en-us/graph/api/calendar-getschedule?view=graph-rest-1.0&tabs=http can be used by the logged on user to query another users FreeBusy permission and retrieve a limited subset of information about appointments eg Start,End,Subject,location which is often ample for a lot of calendar applications.
I am implementing a new functionality to manage events in ICLOUD calendar(includes my own calendar as well as other ICLOUD users calendar).I successfully implemented the functionality with CALDAV, but here I wanted to know is there any better approach to do the same.
Below mentioned steps will explain how I achieved ADD/EDIT/DELETE functionality with CALDAV in other ICLOUD users calendar.
otheruser#gmail.com :icloud account of a user who shares his calendar with me
myaccount#gmail.com: referring to my icloud account
otheruser#gmail.com will share his/her calendar with myaccount#gmail.com
Once i accept the request this calendar will be listed in myaccount#gmail.com
Using below CALDAV api I will get all calendars listed in my account
From the response of above request I will get each calendar url and perform add/edit/delete action accordingly.
Note:Here one drawback is I need to ask each user of my application to share(but sharing it private not as public) his personal calendar with my account.
I am using c# as it is a .net application.
Any help would be appreciated.Thanks in advance.
The question is quite broad so it is hard to really figure out what you are looking for.
In any case one thing about your PROPFIND request: You should also ask for the DAV:resourcetype property (defined in https://www.rfc-editor.org/rfc/rfc4918#section-15.9) and, in your response, only consider the ones that have a calendar value in their resource type (see https://www.rfc-editor.org/rfc/rfc4791#section-4.2).
I'm working on an application that does OAuth authorization on behalf of multiple users. My application wants to be able to create a calendar for user A and then share that calendar as read only to user B. It will then create events on that calendar so that they appear for user A as read/write and for user B as read only.
Obviously the Microsoft Graph API supports creating a calendar and putting events on it. My question pertains to the sharing part.
Does the Microsoft Graph API (or the Outlook 365 REST API) support sharing a calendar from one user to another user? I wouldn't want user B to receive the typical email that announces that user A shared a calendar with them. After creating the calendar under user A's account, I'd want to use user A's credentials to set up the sharing permission to user B. Then I would use user B's credentials to add the shared calendar to their list of calendars so that they see it in the Outlook 365 calendar interface.
I've read through a lot of the documentation and have been playing around with a prototype, but I can't find where this use case is supported.
I'm afraid this isn't possible to do via Microsoft Graph. The scenario seems reasonably straight forward, I recommend visiting the UserVoice and adding this suggestion.
I'd like to be able to access a user's iCal and create events from my server, is this possible, preferably with some kind of OAuth2 setup like with Google Calendar? If so where can I find documentation on the API?
Unfortunately no. There is currently no OAuth whatsoever for iCloud. However, there are two solutions to consider:
Ask the user for their AppleID and password and store it on your server (not recommended for security reasons). This will allow access to EVERYTHING the user has enabled on their account; even the ability to log in and purchase content - thus the security issue. But it will give you direct access to iCal.
Ask the user for access to calendar through your app. Using EKEventStore requestAccessToEntityType: method you can gain access to the users local calendar. You could batch those events and send them to your server. You can find information on how to access calendar here.
It is possible. iCloud supports CalDAV on caldav.icloud.com, and that quite well. It allows you to create, modify and delete events and tasks. Unfortunately you have to have the user's credentials for this though.