I'm trying to use the MS Graph API (which I'm new at) to write a Powershell script to copy the events from a private group calendar into a public group calendar.
So far I've managed to get the private group using this call:
$api = "https://graph.microsoft.com/v1.0/groups"
$groups = $null
try { $groups = Invoke-RestMethod -Headers @{Authorization = "Bearer $($token.access_token)" } -Uri $api -Method "GET" -ContentType "application/json" }
catch { Write-host -Foreground Red $_}
$calendar_group = $groups.value | ? -Property mailNickname -eq $pvt_group
However, when I try and move this forth and get the events for that group, I get bounced on a 403 error.
The calls I'm trying are either:
$api = "https://graph.microsoft.com/v1.0/groups/$group_ID/calendar/events"
Write-Host $api -Fore Green
$events = $null
try { $events = Invoke-RestMethod -Headers @{Authorization = "Bearer $($token.access_token)" } -Uri $api -Method "GET" -ContentType "application/json" }
catch { Write-host -Foreground Red $_}
Or:
$api = "https://graph.microsoft.com/v1.0/groups/$group_ID/events"
Write-Host $api -Fore Green
$events = $null
try { $events = Invoke-RestMethod -Headers @{Authorization = "Bearer $($token.access_token)" } -Uri $api -Method "GET" -ContentType "application/json" }
catch { Write-host -Foreground Red $_}
Both fail on the same error. NB: the $group_ID variable is correctly valued by the first call.
I've the app registered on Azure with the following permimssions:
- Calendars.Read Delegated
- Calendars.Read.Shared Delegated
- Calendars.ReadWrite Delegated
- Calendars.ReadWrite.Shared Delegated
- Directory.AccessAsUser.All Delegated
- Directory.Read.All Delegated
- Directory.Read.All Application
- Directory.ReadWrite.All Delegated
- Directory.ReadWrite.All Application
- Group.Read.All Delegated
- Group.Read.All Application
- Group.ReadWrite.All Delegated
- Group.ReadWrite.All Application
- GroupMember.Read.All Delegated
- GroupMember.Read.All Application
- User.Read Delegated
Does anybody know what I'm doing wrong? Many thanks in advance.
$($token.access_token)
to jwt.ms and check the value in thescp
element. Does it contain the Group.Read.All? – Melissa