Aurinko supports granular authentication scopes to improve security for your end-users. You can limit the permissions and data Aurinko requests during authentication by using the scopes parameter with the /auth/authorize endpoint.
To remain secure, Aurinko strongly recommends passing only the scopes that your application needs when authenticating a user. Please reference the table below when updating your authentication code to make sure your application requests the minimal amount of access necessary for your app's functionality.
| Aurinko scope | Description |
|---|---|
Mail.ReadWrite | Read and modify all messages, threads, file attachments, and read email metadata like headers. Does not include send. |
Mail.Read | Read all messages, threads, file attachments, drafts, and email metadata like headers - no write operations. |
Mail.Send | Send messages only. No read or modify privileges on users' emails. |
Mail.Drafts | Create, read, update, and delete drafts. Send messages and drafts. |
Calendar.ReadWrite | Read and modify calendars and events. |
Calendar.Read | Read calendars and events. |
Contacts.ReadWrite | Read and modify contacts. |
Contacts.Read | Read contacts. |
Tasks.ReadWrite | Read and modify tasks. |
Tasks.Read | Read tasks. |
Example
To give an example, if your app has functionality for users to send and read messages, but not modify messages, you would use the following scopes: Mail.ReadOnly,Mail.Send.
Here is an example request showing how your app might pass these scopes:
curl -X GET https:/api.aurinko.io/v1/auth/authorize \ -d clientId='a8b7c6d5e4f3g2h1' \ -d serviceType='Office365' \ -d scopes='Mail.Read,Mail.Send' \ -d returnUrl='https://yourapp.com/aurinko-redirect' \ -d state='CustomStateString'