问题
I created an event through a shared mailbox in Graph API.
https://graph.microsoft.com/v1.0/users/{shared-user-id}/calendars/{shared-calendar-id}/events
{
"subject": "New Event Test",
"body": {
"contentType": "HTML",
"content": "Mail FLow Test"
},
"start": {
"dateTime": "2021-01-29T12:00:00",
"timeZone": "Eastern Standard Time"
},
"end": {
"dateTime": "2021-01-30T14:00:00",
"timeZone": "Eastern Standard Time"
},
"attendees": [
{
"emailAddress": {
"address":"calendar@contoso.com",
"name": "Calendar Organizer"
},
"type": "required"
}
]
}
This creates an event successfully, and after that, I patched this event with extended data using open extension.
https://graph.microsoft.com/v1.0/users/{user-id}/calendars/{calendar-id}/events/{just-created-event-id}
{
"extensions": [
{
"@odata.type": "microsoft.graph.openTypeExtension",
"extensionName": "Com.Contoso.Events",
"courseId": 22,
"materialId": 75,
"courseType": "video"
}
]
}
This seems not to work. This responses Access is denied.
https://graph.microsoft.com/v1.0/users/{shared-user-id}/calendars/{shared-calendar-id}/events?$expand=extensions($filter=id eq 'Microsoft.OutlookServices.OpenTypeExtension.Com.Contoso.Events')
It responses ErrorAccessDenided with error message "Access is denied. Check credentials and try again".
But if I try this without expanding extensions, then it works.
I couldn't even to create an event because it responded with the same error and message "Access is denied. Check credentials and try again", so I added an API permission MailboxSettings.ReadWrite in my Azure AD that made work an event creation through the shared mailbox.
What is the reason why I can create or get events but not add or expand extensions?
回答1:
Move my comment here so that this issue is treated as answered.
The method you are using is incorrect. Please refer to this sample to create the open extension.
But based on my test, we cannot use an admin (or a delegated user or a shared mailbox member) to create the extension for the shared mailbox (Even if I have added Calendars.Readwrite.Shared permission). It will give 403 error as you have encountered.
When I sign in with the shared mailbox user, it can create the open extension for itself.
So the conclusion is: when we use delegated permissions (user token), we can only create an open extension for the currently logged in user himself.
来源:https://stackoverflow.com/questions/65717070/cant-get-events-with-open-extension-in-microsoft-graph-api