Grant permission and get token for a certain outlook calendar in Azure Active Directory using oAuth

Question

I am currently using oAuth to get a token by Calendars.ReadWrite scope but it works for all calendars that the user has. This is my code:

const PCA = new PublicClientApplication({
    auth: {
        clientId: "***",
        authority: "https://login.microsoftonline.com/common",
        redirectUri: "http://localhost:8080/"
    }
});

PCA.loginPopup({ scopes: ["User.Read", "Calendars.ReadWrite"] })
    .then((response) => {
        console.log(response.accessToken)
    })
    .catch(function (error) {
        console.log(error);
    });

I was wondering, is there any way to get token based on a specific calendar? I would like to have a token which only works for the same calendar that user chose and does not work for other calendars that the user has.

score 0 · Answer 1 · answered Mar 23 '23 at 18:50

Unfortunately, this isn't possible. The permissions are at the Microsoft Graph level and only control access to a particular endpoint.

The workaround would be to have a separate account to which the user could share their calendar with, and you would get a token for that account instead.

Here is an example of how you can get access to a shared calendar.

Grant permission and get token for a certain outlook calendar in Azure Active Directory using oAuth

1 Answers1