I’m working with C# desktop applications that manage calendar events in our Google Workspace shared calendars using Google APIs and OAuth authentication.
The Issue:
Creating new calendar events works perfectly, but deleting existing events fails with permission errors. The main problem is that the person trying to delete an event might not be the same person who originally created it. All users are internal Google Workspace users in our organization.
Current API Scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/gmail.send
https://www.googleapis.com/auth/gmail.settings.basic
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/calendar.events
https://www.googleapis.com/auth/calendar.app.created
Authentication Method:
public static async Task<bool> AuthenticateUser() {
ClientSecrets appSecrets;
using (FileStream stream = new FileStream("credentials.json", FileMode.Open, FileAccess.Read))
{
appSecrets = GoogleClientSecrets.FromStream(stream).Secrets;
}
try
{
AppContext.userCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
appSecrets,
AppContext.requiredScopes,
"currentUser",
CancellationToken.None,
new FileDataStore("Calendar.App.Data", false));
var serviceInit = new BaseClientService.Initializer()
{
HttpClientInitializer = AppContext.userCredential
};
var gmailSvc = new GmailService(serviceInit);
var sendAsData = gmailSvc.Users.Settings.SendAs.List("me").Execute();
foreach (SendAs item in sendAsData.SendAs)
{
if (item.IsPrimary == true)
{
AppContext.userSignature = item.Signature;
AppContext.userEmail = item.SendAsEmail;
break;
}
}
}
catch (Exception error)
{
ErrorLogger.WriteError(error, MethodBase.GetCurrentMethod().Name);
throw;
}
return true;
}
Retrieve Calendar Event:
public static async Task<Event> FetchCalendarEvent(string eventId) {
try
{
using (FileStream stream = new FileStream("credentials.json", FileMode.Open, FileAccess.Read))
{
var appSecrets = GoogleClientSecrets.FromStream(stream).Secrets;
}
AppContext.userCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
appSecrets,
AppContext.calendarScopes,
"currentUser",
CancellationToken.None,
new FileDataStore("Google.Calendar.Auth", false));
var serviceInit = new BaseClientService.Initializer()
{
HttpClientInitializer = AppContext.userCredential
};
var calendarSvc = new CalendarService(serviceInit);
var calendarEvent = calendarSvc.Events.Get(AppContext.SHARED_CALENDAR, eventId).Execute();
return calendarEvent;
}
catch (Exception error)
{
ErrorLogger.WriteError(error, MethodBase.GetCurrentMethod().Name);
throw;
}
}
Delete Calendar Event:
public static async Task<bool> DeleteCalendarEvent(string eventId) {
try
{
using (FileStream stream = new FileStream("credentials.json", FileMode.Open, FileAccess.Read))
{
var appSecrets = GoogleClientSecrets.FromStream(stream).Secrets;
}
AppContext.userCredential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
appSecrets,
AppContext.calendarScopes,
"currentUser",
CancellationToken.None,
new FileDataStore("Google.Calendar.Auth", false));
var serviceInit = new BaseClientService.Initializer()
{
HttpClientInitializer = AppContext.userCredential
};
var calendarSvc = new CalendarService(serviceInit);
calendarSvc.Events.Delete(AppContext.SHARED_CALENDAR, eventId).Execute();
return true;
}
catch (Exception error)
{
ErrorLogger.WriteError(error, MethodBase.GetCurrentMethod().Name);
throw;
}
}
Error Message:
The deletion attempt returns: Error:"unauthorized_client", Description:"Unauthorized"
What specific permissions or scopes do I need to allow any authorized user to delete calendar events from shared calendars, even if they didn’t create those events originally?