0
votes

We must write a synchronisation solution that must create and update calendar events in O365 for up to 4000 users. It is impossible to authenticate as each user to do this, but all docs and examples I found are based on direct authentication as the current user.

From another Calendar REST API I know masquerading, there I can create a app token as Administrator, and then masquerade the URI as another user to create events.

But it seems that Outlook/O365 don't have this feature. Which way must I choose for the solution?

1

1 Answers

1
votes

You can actually get an application-level token which will give you access to everything.

It involves adding application-level permissions to the app, then using a one-time oAuth login with an admin account which will give those permissions to the app.

You can then use the oAuth client credentials auth process to retrieve a token without further user interaction (just using the app id and secret).

All the details are here: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

Of course, things like /me will no longer work, you'll have to access specific users.

Note: there's quite a bit of confusion around the differences between Outlook REST API, Office 365 REST API, Microsoft Graph, but the latter seems to be the most recent.

There are also two different ways of registering apps, make sure you use the one described in the document above if you want to use that process. If you use the Azure app registration, the process is slightly different (described at the end of the above linked document), but the end result should be the same.