Service Account OAuth Flow
Aurinko provides multiple Unified OAuth Flows backed by providers’ OAuth2 (i.e. Google, Office 365, Zoho Mail, Salesforce, HubSpot, SugarCRM) or by secure password-based authentication (i.e. MS Exchange, IMAP accounts).
Service Account OAuth Flow
This flow is for gaining admin/app-level access, usually requiring a Google/Office 365 admin authorization. See the following instructions related to service accounts: Service accounts, Setting up G Suite service account, and Setting up Office 365 daemon app registration.
The flow produces an Aurinko service account
and an access token.
Authorization request
From your application, redirect users to https://api.aurinko.io/v1/auth/authorizeDaemon
, with the query parameters detailed in /auth/authorizeDaemon. You'll have to set responseType=code
.
You'll also need to determine what permissions your application will request from users, and update the scopes
query parameter accordingly. Aurinko provides granular authentication scopes that empower users with control over what level of access your application has to their data. See supported Authentication scopes for details.
Here's an example of what this URL might look like once you've included all the correct query parameters:
Redirect URI: Redirect page vs. Custom domain alias
In case your Microsoft app registration requires redirect URIs to be under a domain you own the default Aurinko's Redirect URI https://api.aurinko.io/v1/auth/callback may not work for you in production.
You have two options:
Contact us about provisioning a domain alias for your Aurinko app so you can use a URL like
https://aurinko.mydomain/v1/auth/callback
Create your intermediate redirect page to use for redirecting all calls to Aurinko's
https://api.aurinko.io/v1/auth/callback
with the URL parametersstate
,code
, andscope
. See the corresponding OAuth flow in the following diagram:
User Consent
Aurinko will present your user with the correct sign-in form based on the requested service type (Google, Office365, EWS). For Exchange users, the user has to enter a login name and an Exchange server URL.
Getting the token
Once the user has signed in and authorized your app's access, their browser will be redirected to the returnUrl
you provided.
Authorization Code Grant (
responseType=code
)If your authentication was successful Aurinko will include the
code
parameter in the query string.Example redirect URL:
https://your-app.com/callback?code={code}&state={state}&status=success
Make an HTTP POST call to
https://api.aurinko.io/v1/auth/token/{code}
to exchange thecode
for anaccess_token
.
Response:
See /auth/token for details. Make sure to securely store the accessToken
and provide it as the HTTP Bearer Auth
token to make API calls on behalf of the account (see Authentication details).
Last updated