Aurinko supports OAuth2 authentication for Google and Office 365 accounts and the secure password authentication for MS Exchange accounts. To enable OAuth2 authentication for production, please see our Office365 OAuth Setup and Google OAuth Setup articles.

Step 1

From your application, redirect users to, with the query parameters detailed in /auth/authorize.

You'll need to set the  responseType to code if you have a server side application, or token if you have a client side or mobile app.

You'll also need to determine what permissions your application will request from users, and update the  scopes query parameter accordingly. Aurinko provides granular authentication scopes that empower users with control over what level of access your application has to their data. See supported Authentication scopes for details.

Here's an example of what this URL might look like once you've included all the correct query parameters:{APPLICATION_ID}&serviceType=Google&scopes=Mail.Read%20Mail.Send&responseType=token&returnUrl=...


Aurinko will present your user with the correct sign in form based on the requested service type (Google, Office365, EWS). For Exchange users, the user has to enter a login name and an Exchange server url.  

Step 3

Once the user has signed in, their browser will be redirected to the  returnUrl you provided.

Client Side

If authentication was successful and you're using a  responseType of token, Aurinko will include the accessToken parameter in the query string. That's it! We recommend storing the accessToken and then removing it from the URL fragment with JavaScript. This is the token you will provide as a HTTP Bearer Auth to make API calls on behalf of the user.

Server Side

If your authentication was successful and you're using a  responseType of code, Aurinko will include a code parameter in the query string.

Make an HTTP GET to{code} to exchange the code for an access_token. See /auth/token for details. Make sure to securely store the accessToken and provide it as the HTTP Bearer Auth token to make API calls on behalf of the user (see Authentication details).