OAuth Permissions
A full list of OAuth scopes Calendox requests from Google, Microsoft, and Zoom, and why each is needed.
Calendox uses OAuth 2.0 to connect to Google Calendar, Microsoft Outlook, and Zoom. Below is the complete list of permissions requested for each provider and the reason each scope is required.
Google Calendar
Connecting a Google account requests these scopes:
| Scope | Purpose |
|---|---|
openid, userinfo.email, userinfo.profile | Identify your Google account and display your name/email in Calendox |
calendar.readonly | Read your calendar list and event details for display and sync |
calendar.calendarlist | List the calendars in your Google account so you can choose which ones to import |
calendar.events | Create, update, and delete events in your connected calendars |
If you enable Google Meet as a meeting provider (Settings → App → Meeting Apps), Calendox additionally requests meetings.space.created to generate Meet links for your events.
Calendox does not request access to Google Drive, Gmail, Contacts, or any other Google service.
Microsoft (Outlook / Microsoft 365)
Connecting a Microsoft account requests these Microsoft Graph scopes:
| Scope | Purpose |
|---|---|
openid, profile, email | Identify your Microsoft account and display your name/email in Calendox |
offline_access | Obtain a refresh token so Calendox can renew access without requiring you to sign in again |
User.Read | Read your Microsoft account profile for display |
Calendars.ReadWrite | Read events from and write events to your Outlook calendars |
If you enable Microsoft Teams as a meeting provider (Settings → App → Meeting Apps), Calendox requests a separate authorization with openid, profile, email, offline_access, User.Read, and OnlineMeetings.ReadWrite to create Teams meetings for your events.
Enterprise tenant admin consent
Enterprise accounts connect at the Microsoft Entra (Azure AD) tenant level rather than per-user. A tenant administrator grants admin consent for:
| Scope | Purpose |
|---|---|
Calendars.ReadWrite | Read and write events across the tenant's connected mailboxes |
User.Read.All | List users in the tenant so the admin can map and import their calendars |
See Enterprise accounts for the tenant connection flow.
Calendox does not request access to your email, files, contacts, or any other Microsoft service beyond calendars, online meetings, and (for enterprise tenant admin consent) the organization's user directory.
Zoom
Calendox requests the following Zoom OAuth scopes:
| Scope | Purpose |
|---|---|
meeting:write:meeting | Create Zoom meetings when you add a Zoom link to a calendar event |
meeting:read:meeting | Read meeting details to display the join URL in the event |
meeting:delete:meeting | Remove the Zoom meeting if you delete the calendar event it was attached to |
user:read:user | Read your Zoom user ID to associate meetings with your account |
Calendox does not access Zoom recordings, chat messages, webinars, or any other Zoom data.
Token storage
OAuth access tokens and refresh tokens are stored server-side only in Calendox's database and are never included in logs or exposed to the browser. Tokens are used only to perform the operations listed above. See Data Security for more details.
Revoking access
You can revoke Calendox's access to any provider at any time:
- Google: Visit myaccount.google.com/permissions and remove Calendox.
- Microsoft: Visit myaccount.microsoft.com/permissions and remove Calendox.
- Zoom: Visit marketplace.zoom.us/user/installed and uninstall Calendox.
Revoking access from the provider side also disconnects the integration in Calendox.