Allowing calendar graph access through API but not with outlook client

Question

Hello everyone, hope I can find an answer to our issue.

We have an app configured on azure to allow members of our organization to edit a shared calendar through API. This works fine.

The issue is that giving the users edit access also adds the calendar to their outlook client which sometimes causes an issue when they accidentally create a personal event in the shared calendar instead in their own private personal calendar.

Ideally to rectify this from happening I'd like to allow them only edit access to that calendar through the API but not through their outlook client.

Any ideas on how to do this?

Thanks

vasilmichev · Answer

Which API are you using and what kind of permissions have been granted?

amiryaari · Answer

VasilMichev&nbsp;I'm running API calls like PATCH https://graph.microsoft.com/v1.0/me/calendars/[outlook_calendar_id]/events/[event_id] to update an event.The users get edit access to that calendar.&nbsp;&nbsp;

vasilmichev · Answer

So you're using the Graph API, in the delegate permissions model? That does require that the users have been granted access to the shared calendar, and depending on how you do that, it might cause the Calendar to appear in Outlook.
Have you considered using application permissions instead?

amiryaari · Answer

VasilMichev&nbsp;Thank you so much for your reply.I was using the delegate model until now, but I see that the application permission model is what I need.The question I have now is how I would set it up on the platform I am using. For the delegate permission model I used Oauth2 User-Agent flow. These are the options I have:

vasilmichev · Answer

Generally speaking, you would be using the client credentials flow: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow

Forum Discussion

Allowing calendar graph access through API but not with outlook client

5 Replies

Resources