Can we create event in user's calendar with application permissions?

Question

I am working on a project where I need to create events in user's Outlook calendars. The requirement is that job inspection dates should be added to the calendar of relevant users. Additionally, users should have the ability to manually create events on their calendars.

After some research, I've identified two possible approaches for achieving this functionality. Given these two approaches, I am unsure which one will work for my requirements. Additionally, I have questions for both:

1. Delegated permissions:

With this approach, I would utilise the delegated authentication flow, requiring the use of a user's access token to create events in their calendar.

However, I've noticed that these tokens have a relatively short expiration time, usually less than a day. Managing tokens for all users seems impractical.

So, I realise we may need to go with Application permissions.

2. Application permissions:

Having only application's access token managing it will be practicle.

I have app access token with this end point. https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token

But when I try to create event with https://graph.microsoft.com/v1.0/users/${userId}/events

I am getting error as below:

response: {
  status: 401,
  statusText: 'Unauthorized',
  data: {
    error: {
      code: 'OrganizationFromTenantGuidNotFound',
      message: "The tenant for tenant guid 'f8cdef31-xxxxx-5f571e91255a' does not exist.",
      innerError: {
        oAuthEventOperationId: 'e3f0be2e-xxxxx-a3cabb87741d',
        oAuthEventcV: 'CNUKxxoGwp3Jr9+kMI/pZw.1.1.1',
        errorUrl: 'https://aka.ms/autherrors#error-InvalidTenant',
        requestId: '446a24c5-xxxxx-f592fcef453c',
        date: '2024-03-15T05:16:08',
      },
    },
  },
}

I am not sure what am I doing wrong. I am open to any insights, recommendations or clarifications. Thank you for your assistance.

Answer 1

Can we create event in user's calendar with application permissions?

Yes, you can create event in user's calendar with application permission.

Create a Microsoft Entra application and grant Calendars.ReadWrite application permission:

Generated access token via Postman:

https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

client_id:ClientID
client_secret:ClientSecret
grant_type:client_credentials
scope:https://graph.microsoft.com/.default

By using the above access token, I am able to create calendar event for the user successfully:

POST https://graph.microsoft.com/v1.0/users/UserID/calendars/CalendarID/events

Content-type: application/json

{
  "subject": "Let's go for lunch",
  "body": {
    "contentType": "HTML",
    "content": "Does mid month work for you?"
  },
  "start": {
      "dateTime": "2024-03-15T12:00:00",
      "timeZone": "Pacific Standard Time"
  },
  "end": {
      "dateTime": "2024-03-15T14:00:00",
      "timeZone": "Pacific Standard Time"
  },
  "location":{
      "displayName":"Harry's Bar"
  },
  "attendees": [
    {
      "emailAddress": {
        "address":"xxx.com",
        "name": "xxx"
      },
      "type": "required"
    }
  ],
  "transactionId":"xxx"
}

The error "OrganizationFromTenantGuidNotFound" usually occurs if you are trying to create event for the Microsoft Personal account and making use of Client credential flow to generate token and calling users/UserID/calendars/CalendarID/events endpoint .

• If you are trying to create event for the Microsoft Personal account, then you need to make use of delegated flow to generate token and call /me/calendars/CalendarId/events endpoint. Refer this SO Thread by Sridevi.
• Call organizations/common endpoint to generate token if you are calling other tenant users.
• If still the issue persists, make sure the user has office 365 license.

To increase the access token lifetime, you can refer this SO Thread by me

Reference:

Create event - Microsoft Graph v1.0 | Microsoft