无法访问Microsoft Graph日历API。 Authorization_RequestDenied

Question

当前，我正在通过获取访问令牌，然后向 Calendar [dot] Read API发出GET请求，来设置访问Microsoft Graph的守护进程。到目前为止，我可以检索访问令牌，但是在发出GET请求时遇到了麻烦。到目前为止，这是我的代码。

//// Running on NODEJS.... 
const XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;        
// App configuration
const APP_ID = '***************************************';   
const TENNANT = '***************************************';
const APP_SECRET = '***************************************';    
const SCOPES = 'https://graph.microsoft.com/.default';      
const TokenEndpoin = `https://login.microsoftonline.com/{${TENNANT}}/oauth2/v2.0/token`;
const sendcontent = `client_id=${APP_ID}&scope=${SCOPES}&client_secret=${APP_SECRET}&grant_type=client_credentials`;
const api_url_readCalender = `https://graph.microsoft.com/v1.0/users/`; 
//// Not sure what api_url_readCalender is suppose to be.

/**
 * Run POST to retrieve token then, 
 * Run GET to retrieve calendar API using token...
 */
POST( TokenEndpoin, sendcontent, (data) => {        
    const token_obj = JSON.parse(data);     

    /// Run GET with token and url for read calender.
    GET( api_url_readCalender, token_obj, (data)=> {
        var ojv = JSON.parse(data);
        console.log(ojv);
    });

}); 

/// Post & Get Functions...
function POST(destination, scontent, cb) {          
    var http = new XMLHttpRequest();
    http.onreadystatechange = function() {
        console.log(http.readyState, http.status);          
        if (http.readyState == 4 && http.status == 200) {            
            var data = http.responseText;
            cb(data);    
        }
    };
    http.open( 'POST', destination, true);      
    http.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    http.send(scontent);/// scontent is sendcontent passed by parameter.    
}

function GET( destination, token,  cb ) {   
    var http = new XMLHttpRequest();
    http.onreadystatechange = function() {
        /// Print readyState and status
        console.log(http.readyState, http.status );         
        console.log( http.responseText);
        if (http.readyState == 4 && http.status == 200) {            
            var data = http.responseText;                        
            cb(data);            
        }
    };
    http.open( 'GET', destination, true );
    ///  Use toke_type and access_token for authentication. 
    http.setRequestHeader('Authorization',  token.token_type+' ' + token.access_token); 
    http.send();
}

我非常确定我的权限在Microsoft azure门户端已正确配置。我不确定访问api的网址应该是什么。当前api_url_readCalender值设置为https://graph.microsoft.com/v1.0/users/。返回GET阅读中的response.text ...

"{
  "error": {
    "code": "Authorization_RequestDenied",
    "message": "Insufficient privileges to complete the operation.",
    "innerError": {
      "request-id": "bfdb54e2-f9ad-4d75-be71-45ae807add5f",
      "date": "2019-10-02T23:16:17"
    }
  }
}"

函数GET的http.status返回403禁止。

我的应用已注册。我选择的权限是“ Microsoft-Graph>应用程序权限> Calendars.Read”。

我确定我的应用程序配置详细信息正确。 SCOPES 和 api_url_readCalender 除外。不确定 SCOPES ，因为在阅读的Microsoft教程中，说只是使用 .default 。我不确定 api_url_readCalender ，因为一旦获得令牌，我还没有阅读任何明确的文档说明关于我的用例的API地址。我希望能够检索日历中的事件。