4

I'm making an application that requires access to the shared/room-resource calendars in an Office 365 instance, using non-admin accounts. I've registered an app (in the Microsoft Application Registration Portal) using the V2 endpoint and Auth Code Grant. This successfully allows me to log in, and gives me a functional token with the Calendars.ReadWrite.Shared scope. With this token, I can retrieve my own calendars, and calendars that have been explicitly shared with me (and therefore added to my list of calendars). All of this is doable with just the normal Calendars.ReadWrite scope.

However, I get errors when requesting access to any other shared calendars, like the room calendars. Here's an example. If I make a GET call to https://graph.microsoft.com/beta/users/my-own-email@business.com/calendars it successfully returns a list of my calendars. If I make a GET call to https://graph.microsoft.com/beta/users/meetingroom1.4@business.com/calendars I get a 404 (Not Found) Error. The same error occurs for any other user, not just meeting rooms. Note that I can see these calendars when I'm logged into Office 365 online with the same account.

A different error occurs if I ask for events not calendars. If I make a GET call to https://graph.microsoft.com/beta/users/meetingroom1.4@business.com/events, I get a 500 (Internal Server) Error.

I've checked all the other threads I can find on the issue, and this one from November How to access shared calendars from Office REST API? says there's some kind of blocking issue on Microsoft's end. It's using the Office REST API rather than Graph, but on the back-end the APIs call the same stuff. Is this issue still about? Alternatively, am I missing some further permissions? I tried adding quite a few different permissions on top of Calendars.ReadWrite.Shared, but none of them fixed it. Is there a correct combination?

Thanks so much for any help, and let me know if any other info would be useful for diagnosis.

Community
  • 1
  • 1
Tom Knowles
  • 61
  • 5

1 Answers1

1

So if anyone else happens to be interested in this, I figured out a way to access room resource calendars without using the Calendars.ReadWrite.Shared permission. This allows you to use just the Calendars.ReadWrite permission to access the room resources, by moving them into the list of calendars of the email you're authenticating with. However, it will only work for specific accounts that you share the calendars with, so won't be usable in apps that have to work for any account. This is good enough for my use-case, but may not be for yours.

First, find or make an account that is a delegate to, and has full access to, the room resource calendar you want to use. On that account click 'Open another mailbox' in the dropdown list under your profile image.

Open another mailbox location

In the pop-up that follows, put in the email address of the room resource calendar that you want to use.

Then, on the new page that opens (which should be the Office account of the room resource calendar):

  • Navigate to the calendar page
  • Click 'Share'
  • Share the default calendar with the account you plan to authenticate with.

Then log into that 'authentication' account, check its email for the notification of the shared calendar, and click 'accept'. What this will do is move the calendar into the authenticated account's list of calendars, meaning you can access it with just a call to the https://graph.microsoft.com/v1.0/me/calendars endpoint. You'll have to repeat it for every calendar you want to be able to access, sadly.

Tom Knowles
  • 61
  • 5