Stack: Python, caldav library.
I use OAuth2 for authentication and provide access token in all requests:
"Authorization": <access_token>
Scopes:
https://www.googleapis.com/auth/calendar.readonlyhttps://www.googleapis.com/auth/calendar.events
I get 403 Forbidden on this request:
REPORT https://apidata.googleusercontent.com/caldav/v2/caldav/v2/<calid>/events 403
But requesting calendars works as expected:
PROPFIND https://apidata.googleusercontent.com/caldav/v2/<email%40gmail.com> 207
My first guess about the problem was invalid scope, but as I use
https://www.googleapis.com/auth/calendar.eventsand grand all requested permissions during authentication, and can access calendars, so that doesn't seem to be the reason.Next I thought that request method might cause the problem, but
REPORTmethod is supported by Google.Also I checked if access token is passed in headers in every request and that is not the reason either.
Access token is not stale.
What can be the problem?
The problem was in the scopes. After I replaced
https://www.googleapis.com/auth/calendar.readonlywithhttps://www.googleapis.com/auth/calendarI could access events.