Authorization Denied trying to access Bookings Api in Microsoft Graph

Question

I am trying to create an app that runs from an AWS lambda that acts as a middle man for customers wanting to sign up for a booking using Microsoft Bookings. Following the docume

Answer 1

We can see the document shows the graph api(bookingBusinesses) which you want to request requires delegated type permissions and not support application type permission.

So we can not use "client_credentials" grant flow, your code shows you use "client_credentials" as the grant type. You can use "username/password" grant flow to get the access token instead. So the param you request for the access token should be like below:

const requestParams = {
    client_id: APP_ID,
    client_secret: APP_SECRET,
    grant_type: "password",
    scope: "https://graph.microsoft.com/.default",
    username: "your user name/email(like xxxxx@xxx.onmicrosoft.com)",
    password: "your password"
};

By the way, I noticed the "TOKEN_ENDPOINT" in your code is https://login.microsoftonline.com/${process.env.BOOKINGS_TENANT_NAME}.onmicrosoft.com/oauth2/token and you use both params resource and scope in requestParams. If we use v1 endpoint as your code, we just need to use the param resource. If we use v2 endpoint(https://login.microsoftonline.com/${process.env.BOOKINGS_TENANT_NAME}.onmicrosoft.com/oauth2/v2.0/token), we need to use use the param scope instead of the param resource. The code I provided above use v2, so I use scope param and you also need to change the "TOKEN_ENDPOINT" to v2(just add a v2.0 between the oauth2/ and /token).

If you don't want to change the "TOKEN_ENDPOINT" to v2, just use the params like below:

const requestParams = {
    client_id: APP_ID,
    client_secret: APP_SECRET,
    grant_type: "password",
    resource: "https://graph.microsoft.com",
    username: "your user name/email(like xxxxx@xxx.onmicrosoft.com)",
    password: "your password"
};

Hope it helps~