I am using an application client created in Azure to synchronize calendar events from my application to users' calendars on MS 365 using the Microsoft Graph API.
It works fine for users who have their calendars "in the cloud", but fails for on-premises users in a hybrid setup.
I get errors like this:
com.microsoft.graph.http.GraphServiceException: Error code: UnknownError
Error message:
POST https://graph.microsoft.com/v1.0/users/someUser@aCustomer.dk/calendar/events
SdkVersion : graph-java/v1.7.1
SdkVersion : graph-java/v1.7.1
Authorization : Bearer eyJ0eXAiOiJKV1Q......u2q0m1FQ
{"subject":"Some subject","body":{"contentType":"html","content":"Some text body"},"sensitivity":"normal","start":{"dateTime":"2021-12-28T11:00:00.000","timeZone":"Europe/Copenhagen"},"end":{"dateTime":"2021-12-28T12:00:00.000","timeZone":"Europe/Copenhagen"},"showAs":"busy","type":"singleInstance","attendees":[{"type":"required","emailAddress":{"address":"someUser@aCustomer"}}],"categories":["myApp"]}
401 : Unauthorized
Transfer-Encoding : chunked
Strict-Transport-Security : max-age=31536000
Cache-Control : private
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"West Europe","Slice":"E","Ring":"5","ScaleUnit":"000","RoleInstance":"AM1PEPF0000C434"}}
client-request-id : 09bab81a-a6eb-448c-87cb-3fa7e9a36328
Vary : Accept-Encoding
request-id : 83cadd3b-8d44-43d8-b678-c81a2778bab0
Date : Mon, 07 Feb 2022 07:28:19 GMT
Content-Type : application/json
{
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2022-02-07T07:28:20",
      "request-id": "83cadd3b-8d44-43d8-b678-c81a2778bab0",
      "client-request-id": "09bab81a-a6eb-448c-87cb-3fa7e9a36328"
    }
  }
}
Decoding the bearer token I see these values:
"appidacr": "1",   # client ID and client secret are used
"roles": [
  "User.ReadWrite.All",
  "Calendars.Read",
  "User.Read.All",
  "Calendars.ReadWrite",
  "Application.Read.All"
],
By the look of the error I am assuming that we get through to the customer's Exchange server, but our request for creating an entry in the user's calendar is denied (but I am not sure).
I have seen other posts claiming that accessing a user's account using an application client and client secret is not supported by on-premises servers. Can anyone confirm this?
This article also supports the suspicion that on-premises Exchange servers do not support application clients.
Do any of you have suggestions for debugging this issue? Any logs you can suggest that my customers look into?
PS. I have had a similar issue with another customer, though the error was a different one. The customer gave up on finding a solution, so I closed that issue.
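As an added example (not code from the question or from the Graph SDK), this is the token and error-body inspection described above written out as Python, so it can be run against a real token and response before opening a ticket: it decodes the JWT payload without verifying it (a debugging aid only), confirms the token is app-only (`roles` claim, no `scp`) and obtained with a client secret (`appidacr` of `"1"`), lists any missing application roles, and pulls out the `request-id` / `client-request-id` / `date` values that Microsoft support asks for. The sample token is constructed with a placeholder signature; the error body is copied from the question.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample token with the same claim shape as in the question.
# The signature segment is a placeholder; this token is never verified.
SAMPLE_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "appidacr": "1",
    "roles": ["User.ReadWrite.All", "Calendars.Read", "User.Read.All",
              "Calendars.ReadWrite", "Application.Read.All"],
}
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"typ": "JWT", "alg": "RS256"}).encode()),
    _b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    "placeholder-signature",
])

def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT for inspection only.
    No signature check is done: never use this to make an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_app_only_token(token: str, required_roles: set) -> dict:
    """Summarize what kind of token this is and which required app roles it lacks."""
    claims = decode_claims(token)
    return {
        "app_only": "roles" in claims and "scp" not in claims,  # delegated tokens carry scp
        "client_secret_used": claims.get("appidacr") == "1",    # "2" would mean a certificate
        "missing_roles": sorted(required_roles - set(claims.get("roles", []))),
    }

# Error body exactly as shown in the question's 401 response.
SAMPLE_ERROR = {"error": {"code": "UnknownError", "message": "",
                "innerError": {"date": "2022-02-07T07:28:20",
                               "request-id": "83cadd3b-8d44-43d8-b678-c81a2778bab0",
                               "client-request-id": "09bab81a-a6eb-448c-87cb-3fa7e9a36328"}}}

def support_reference(status: int, body: dict) -> dict:
    """Collect the correlation values to hand to the customer's admins or Microsoft support."""
    error = body.get("error", {})
    inner = error.get("innerError", {})
    return {"status": status, "code": error.get("code"), "date": inner.get("date"),
            "request_id": inner.get("request-id"),
            "client_request_id": inner.get("client-request-id")}
```

Run `check_app_only_token(<your token>, {"Calendars.ReadWrite"})` on the live token and `support_reference(401, <parsed body>)` on the failing response; an empty `missing_roles` list with `app_only` true means the token itself is not what is being rejected.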