Aurinko supports granular authentication scopes to improve security for your end-users. You can limit the permissions and data Aurinko requests during authentication by using the scopes parameter of the /auth/authorize endpoint.
To remain secure, Aurinko strongly recommends passing only the scopes that your application needs when authenticating a user. Please reference the table below when updating your authentication code to make sure your application requests the minimal amount of access necessary for your app's functionality.
| Scope | Description |
|---|---|
| | Read and modify all messages, threads, file attachments, and read email metadata like headers. Does not include send. |
| Mail.Read | Read all messages, threads, file attachments, drafts, and email metadata like headers. No write operations. |
| Mail.Send | Send messages only. No read or modify privileges on users' emails. |
| | Create, read, update, and delete drafts. Send messages and drafts. |
| | Read and modify calendars and events. |
| | Read calendars and events. |
| | Read and modify contacts. |
| | Read and modify tasks. |
For example, if your app lets users read and send messages but not modify them, you would request only the Mail.Read and Mail.Send scopes. Here is an example request showing how your app might pass them:
```bash
# -G sends the -d parameters as the query string of a GET request;
# --data-urlencode encodes values such as the return URL safely.
curl -G https://api.aurinko.io/v1/auth/authorize \
  -d clientId='a8b7c6d5e4f3g2h1' \
  -d serviceType='Office365' \
  -d scopes='Mail.Read,Mail.Send' \
  --data-urlencode returnUrl='https://yourapp.com/aurinko-redirect'
```
Any tokens obtained this way have a limited scope, so you won't be able to access out-of-scope endpoints with them.
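The following is an added example, not Aurinko's own code, showing how an app can derive the minimal scope set from the features it actually uses, build the /auth/authorize URL with exactly those scopes, and check the resulting request against an approved allowlist before it ships. Only the scope names Mail.Read and Mail.Send and the request parameters (clientId, serviceType, scopes, returnUrl) come from the page; the feature-to-scope mapping and the helper names are assumptions.

```python
"""Least-privilege scope selection for an Aurinko /auth/authorize request.

Added example, not Aurinko's code. The FEATURE_SCOPES mapping is a hypothetical
app-level table; only Mail.Read and Mail.Send are taken from the documentation.
"""
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://api.aurinko.io/v1/auth/authorize"

# Hypothetical mapping from app features to the smallest scope each one needs.
# Keeping this table explicit makes scope creep a reviewable code change.
FEATURE_SCOPES = {
    "read_mail": {"Mail.Read"},
    "send_mail": {"Mail.Send"},
}


def minimal_scopes(features):
    """Return the sorted union of scopes required by the given features."""
    unknown = set(features) - set(FEATURE_SCOPES)
    if unknown:
        raise ValueError(f"unknown features: {sorted(unknown)}")
    scopes = set()
    for feature in features:
        scopes |= FEATURE_SCOPES[feature]
    return sorted(scopes)


def build_authorize_url(client_id, service_type, return_url, features):
    """Build the authorize URL requesting only the scopes the features need."""
    scopes = minimal_scopes(features)
    if not scopes:
        raise ValueError("no scopes requested; at least one feature is required")
    params = {
        "clientId": client_id,
        "serviceType": service_type,
        "scopes": ",".join(scopes),  # comma-separated, as in the curl example
        "returnUrl": return_url,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def scopes_in_url(url):
    """Parse the scopes back out of an authorize URL (for a pre-deploy check)."""
    query = parse_qs(urlsplit(url).query)
    raw = query.get("scopes", [""])[0]
    return {s for s in raw.split(",") if s}


def check_least_privilege(url, allowed):
    """Return any scopes in the URL that exceed the app's approved allowlist.

    An empty result means the request stays within what security review approved.
    """
    return scopes_in_url(url) - set(allowed)


if __name__ == "__main__":
    # Constructed sample: an app that reads and sends mail but never modifies it.
    url = build_authorize_url(
        "a8b7c6d5e4f3g2h1", "Office365",
        "https://yourapp.com/aurinko-redirect", ["read_mail", "send_mail"],
    )
    print(url)
    print("excess scopes:", check_least_privilege(url, ["Mail.Read", "Mail.Send"]))
```

Wiring `check_least_privilege` into a CI test against the app's approved scope list catches a developer adding a broader scope (for instance, when a feature table entry changes) before users are asked to consent to it.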