Aurinko supports granular authentication scopes to improve security for your end-users. You can limit the permissions and data Aurinko requests during authentication by using the `scopes` parameter with the `/auth/authorize` endpoint.
To remain secure, Aurinko strongly recommends passing only the scopes that your application needs when authenticating a user. Refer to the table below when updating your authentication code so that your application requests the minimum access necessary for its functionality.
| Scope | Description |
|---|---|
| | Read and modify all messages, threads, file attachments, and read email metadata like headers. Does not include send. |
| | Read all messages, threads, file attachments, drafts, and email metadata like headers; no write operations. |
| | Send messages only. No read or modify privileges on users' emails. |
| | Read and modify calendars and events. |
| | Read calendars and events. |
| | Read and modify contacts. |
| | Read and modify tasks. |
For example, if your app lets users read and send messages but not modify them, you would request only the read and send mail scopes, and nothing broader. The following request shows how your app might pass these scopes:
```bash
# -G sends the -d name/value pairs as URL query parameters instead of a request body
curl -G https://api.aurinko.io/v1/auth/authorize \
  -d clientId='a8b7c6d5e4f3g2h1' \
  -d serviceType='Office365' \
  -d scopes='Mail.Read,Mail.Send' \
  -d returnUrl='https://yourapp.com/aurinko-redirect' \
  -d state='CustomStateString'
```
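The same request built in application code, as an added example that is not Aurinko's own SDK or sample: it restricts the request to an allowlist of the two scopes named on this page, percent-encodes every parameter, and verifies the `state` value when the user comes back. The allowlist contents, the function names, and the assumption that Aurinko echoes `state` back to `returnUrl` as a query parameter are all assumptions, not documented behaviour.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://api.aurinko.io/v1/auth/authorize"

# Constructed allowlist: the only scopes this hypothetical app is allowed to
# request. Only Mail.Read and Mail.Send appear on the page; extend it with the
# scopes from the table that your app actually needs.
ALLOWED_SCOPES = {"Mail.Read", "Mail.Send"}


def build_authorize_url(client_id, service_type, scopes, return_url, state):
    """Build the /auth/authorize URL with a minimal, allowlisted scope set.

    Raises ValueError if any requested scope is outside ALLOWED_SCOPES, so an
    over-broad scope cannot slip into the request by accident.
    """
    requested = set(scopes)
    extra = requested - ALLOWED_SCOPES
    if extra:
        raise ValueError(f"scopes not permitted for this app: {sorted(extra)}")
    params = {
        "clientId": client_id,
        "serviceType": service_type,
        # comma-separated list, matching the page's curl example
        "scopes": ",".join(sorted(requested)),
        "returnUrl": return_url,
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def new_state():
    """Unguessable per-request state; keep it server-side (e.g. in the session)."""
    return secrets.token_urlsafe(32)


def check_redirect(redirect_url, expected_state):
    """Return True only if the state echoed back to returnUrl matches ours.

    Assumes (not documented on this page) that state is returned as a query
    parameter; a missing or mismatched value must be treated as a failed login.
    """
    qs = parse_qs(urlparse(redirect_url).query)
    returned = qs.get("state", [None])[0]
    return returned is not None and secrets.compare_digest(returned, expected_state)
```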