Glossary

OAuth for Calendars

OAuth 2.0 is the standard that lets you grant a third-party app limited access to your calendar without sharing your password. Google and Microsoft both use it for calendar APIs.


What OAuth does

OAuth 2.0 separates authentication (proving who you are) from authorization (deciding what an app can do on your behalf). When you click Connect Calendar, you sign in directly with Google or Microsoft, then explicitly approve a list of scopes. The third-party app never sees your password.

Why it matters

Without OAuth, a sync tool would need your raw username and password to read your calendar. That is a security and compliance non-starter. OAuth produces a revocable token tied to specific permissions, so you can disconnect at any time from your Google or Microsoft account settings.

Scopes for calendar sync

SyncCal requests the narrowest scope that lets it read and write calendar events. It does not request access to email, contacts, files, or any other data, and Google and Microsoft enforce that boundary.

What about iCloud and CalDAV

Apple does not expose OAuth for third-party calendar clients. iCloud and most CalDAV servers use app-specific passwords instead. Functionally similar (limited, revocable, scoped to a single application) but implemented differently. See the CalDAV entry for the protocol-level details.

Cross-tenant OAuth

Microsoft 365 OAuth is per-tenant. A consultant who needs to mirror calendars from three different client tenants into their own grants OAuth separately in each. The Sync Outlook Calendar with Teams integration page walks through the typical multi-tenant setup, and SyncCal for consultants covers the role-level playbook.

Related terms