The MyTimetable Office 365 integration is able to connect to a user's calendar using the Outlook Calendar REST API. This page describes how to grant MyTimetable access to the Outlook Calendar REST API. MyTimetable will then be able to access calendars without explicit consent of a user.

...


Your application is now registered with Azure AD. Proceed with the next step to specify the app permissions.

Step 2: Specifying app permissions

Next, we need to make sure the newly created app has the correct permissions to access user calendars.

Note

The "Read and write calendars in all mailboxes" application permission is described by Microsoft as "Allows the app to create, read, update, and delete events of all calendars without a signed-in user". Narrower scopes that would still allow MyTimetable to perform the required operations are not available at the moment. MyTimetable only reads, updates and deletes calendar events it has created itself, but this restriction is enforced in the synchronisation backend, not by Office 365. So while MyTimetable does not read, update or delete other calendar events, it does have the permissions to do so.

This permission can optionally be scoped to specific mailboxes by following the instructions at Scoping application permissions to specific Exchange Online mailboxes.

  • In the newly created application choose "API permissions".
  • Click "Add a permission".


  • When using application-level permissions (i.e., MyTimetable is authorised to sync to all mailboxes by default):
    • Choose "Microsoft Graph" > "Application Permission" > "Calendars" and tick "Calendars.ReadWrite".
    • Click "Add permissions".
    • To add another permission (required for older MTT versions), click "Add a permission" again.
    • Choose "Exchange" > "Application Permission" > "Calendars" and tick "Calendars.ReadWrite.All".
    • Click "Add permissions".
    • Click "Select".
    • Click "Done".
  • When using delegated-level permissions (i.e., the user still has to authorise MyTimetable when enabling the sync):
    • Choose "Microsoft Graph" > "Delegated Permission" > "Calendars" and tick "Calendars.ReadWrite".
    • Click "Add permissions".
    • Click "Select".
    • Click "Done".

The default permissions can be removed:
  • Click "User.Read".
  • Click the "Remove permissions" button and confirm using "Yes, remove".



If using application-level permissions, we need to consent to the app's permissions on behalf of all users in the tenant. This step is not required for delegated-level permissions:

  • Click the "Grant admin consent" button and confirm using "Yes"
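
The optional mailbox scoping mentioned in the note above can be applied with an Exchange Online application access policy, so that the tenant-wide calendar permission only works against mailboxes in one group. This is an added example, not part of the original page or of MyTimetable's own tooling; the app ID, group address and mailbox addresses are placeholders that must be replaced with your own values.

```powershell
# Added example: restrict the app's calendar access to one mail-enabled security group.
# Requires the ExchangeOnlineManagement module and an Exchange administrator account.
# All values below are placeholders (assumptions), not values taken from this page.
$AppId      = '00000000-0000-0000-0000-000000000000'  # Application (client) ID from Step 1
$ScopeGroup = 'mytimetable-sync@example.org'          # mail-enabled security group of allowed mailboxes
$InScope    = 'student1@example.org'                  # a mailbox that IS a member of the group
$OutOfScope = 'director@example.org'                  # a mailbox that is NOT a member of the group

Connect-ExchangeOnline

# RestrictAccess: the app may only access mailboxes that are members of $ScopeGroup.
New-ApplicationAccessPolicy `
    -AppId $AppId `
    -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Restrict MyTimetable calendar sync to members of the sync group'

# Show the policies that now apply to this app, for the change record.
Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId } | Format-List

# Verify both directions: a member must be granted, a non-member must be denied.
$expected = @{ $InScope = 'Granted'; $OutOfScope = 'Denied' }
foreach ($mailbox in $expected.Keys) {
    $result = Test-ApplicationAccessPolicy -Identity $mailbox -AppId $AppId
    if ("$($result.AccessCheckResult)" -ne $expected[$mailbox]) {
        throw "Unexpected result for ${mailbox}: got $($result.AccessCheckResult), expected $($expected[$mailbox])"
    }
    Write-Output "${mailbox}: $($result.AccessCheckResult) (as expected)"
}

Disconnect-ExchangeOnline -Confirm:$false
```

Checking a mailbox that should be denied matters as much as checking one that should be granted: a policy that silently fails to apply leaves the app with access to every calendar in the tenant.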

...

MyTimetable requires the generated X.509 certificate and the corresponding private key to be available in a Java Keystore. The Eveoh support department can store the X.509 certificate and its private key into a Java Keystore for you. If you want to do it yourself, please follow these steps:

  • Save the X.509 certificate and the private key into the PKCS12 format using OpenSSL:
```bash
openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.pfx
```

...

...