I'm trying to access a group calendar using the microsoft graph api as the application (I don't want to use delegate permissions).
If I request calendar events using the below I get the events for the user just fine.
https://graph.microsoft.com/v1.0/users/[emailAddress]/events
If I make a request to the following I get group information:
https://graph.microsoft.com/v1.0/groups/[groupId]/
If I make a request to this:
https://graph.microsoft.com/v1.0/groups/[groupId]/events
I get "Access is denied. Check credentials and try again."
In azure portal, I've given my app service the following Application permissions:
Calendars.Read
Calendars.Read.Shared
Group.Read.All
User.Read.All
What am I missing?
Applications permissions to list events is currently not supported. Also, listing events using delegated permissions with a Personal accounts is not supported. Please refer to List Events documentation which has the details. You can also refer to known limitations of Graph here.
A user voice on this feature request is also available here and you can upvote the same so that the product team can include into their plans.
Related
I have a question about handling permission grants of inboxes via Microsoft Graph API.
Is it possible via Microsoft Graph API to grant another user the access permission to my inbox messages?
I dont found any suitable operation until now.
Retrieving relased mailboxes from another user works fine, but how to make my own inbox visible to specific user that he has the grant to access my inbox?
I dont found a operation under:
https://graph.microsoft.com/v1.0/users.....
or https://graph.microsoft.com/v1.0/me.......
Thanks for your help
According to the documentation, you'll need delegated access.
If the app has the appropriate delegated permissions from one user, and another user has shared a mail folder with that user, or, has given delegated access to that user.
At this moment you have no way to share your mailbox by using the api. If you however shared your mailbox with some other user, they will be able to access it.
I think it's a good thing that you cannot share your mailbox from an app, because it would be easy to compromise a mailbox of some user by a malicious app. If you really want you might be able to share the users mailbox by using EWS (that is the same connection the Outlook app uses).
I would like to create a backend Node.js aplication in order to manage an Outlook Calendar (Create, delete, update events...). However I want to update the same calendar every time (Always the same account). A global calendar to everyone.
The real pourpose is to integrate this calendar Backend with dialogFlow functionality (Similar to this example in Google Calendar https://github.com/dialogflow/fulfillment-bike-shop-nodejs)
I've been looking to https://learn.microsoft.com/en-us/graph/auth-v2-service, but I don't know if it is the correct aproach to do it.
I created an app in Azure Portal, and got my token:
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token HTTP/1.1
But can't access to https://graph.microsoft.com/v1.0/users/{id}/calendars. The message I get is similar to this:
"code": "OrganizationFromTenantGuidNotFound",
"message": "The tenant for tenant guid '68cc4dcb-5873-4ea0-a498-fe57e9b5d827' does not exist."
I've been looking to
https://learn.microsoft.com/en-us/graph/auth-v2-service, but I don't
know if it is the correct aproach to do it.
I think this is feasible.
"code": "OrganizationFromTenantGuidNotFound",
You need to use the user(tonyju#abc.onmicrosoft.com) to access calendars. And this account must have been assigned a O365 license You can refer to this.
Update:
If you just want to access the calendar of your personal account, you can use auth code flow to get the access token. And then use
https://graph.microsoft.com/v1.0/me/calendars
Is it possible to retrieve a list of co-worker Planner tasks via the API?
For example the graph explorer provides the following GET endpoint:
https://graph.microsoft.com/v1.0/users/coworker-mail/planner/tasks
I can get results back using my own email address in url, but always a 403 failure when using a coworkers email.
I have Group.Read.All as a delegated permission on the app, I am an admin user and have granted consent via the admin consent endpoint to no avail.
Is this possible? If not what am i missing and why does the explorer/api expose that endpoint?
Thanks
Querying other users' data is currently not allowed. You can provide feedback about this behavior here.
The endpoint exists to support reading signed in user's data. "me" segment is simply an alias that in reality executes the request against /users/(signed in user id).
I'm trying to create Planner Plan using Microsoft Graph API. As documented it requires groupId. I also create Group, but when i create a Planner plan using Graph Explore it returns a 403 with the message
"You do not have the required permissions to access this item, or the item may not exist."
I'm aware that in order to create a plan, It required Group.ReadWrite.All permission on Delegated (work or school account). I granted these in the Azure Portal but still get same error.
One thing is I don't know how to determine if my account is a "work or school account". My account was created by the admin of my tenant and it uses the of my organization so I guest it is Work account.
What do I have wrong here, do I need another API to assign plan to group before create?
EDIT1:
Here is the request body when i'm create a Planner Group, I'm also tried to toggle "securityEnabled" to true but it still fail when create a plan
And Here is the Request body when I create Planner Plan
EDIT2:
I also tried to update Planner plan by this API and it still failed. It seems Group.ReadWrite.All permissions does not apply to my account
Your request is failing because you are not a member of the group in which you are trying to create a plan. Changing group content requires the calling user to be a member. Owners of the group currently cannot edit the Planner content in the group, unless they are also members.
Although you have requested Group.ReadWrite.All, you cannot authorize this permission until you have received "Consent" from an Administrator.
If you're using the Azure Portal to register you app (aka the v1 Endpoint) then your admin can either use the Admin Consent workflow or directly grant permission within the portal. You can read more about he Consent Framework in Integrating applications with Azure Active Directory.
I'm trying to update O365 Group logo using Microsoft Graph API with Microsoft Graph .NET Client Library and GraphServiceClient.
Created app and added Group.ReadWrite.All (Admin Only) permissions to Application, did Admin consent to app.
When setting logo to Group I'll get exception Access is denied. Check credentials and try again.
Is there some other permissions that I need to add or is there some limitations to update logo using app permissions?
Here's the line of code that throws exception:
await graphClient.Groups[groupId].Photo.Content.Request().PutAsync(file.ContentStream);
Updating a Group's photo isn't supported using Application permissions. From the documentation:
Examples of group features that support only delegated permissions:
Group conversations, events, photo
External senders, accepted or rejected senders, group subscription
User favorites and unseen count
Microsoft Teams channels and chats.