User ОАuth Flow
Aurinko's User OAuth Flow enables user-delegated authorization, producing a user session token or httpOnly cookie for managing application user sessions.
Last updated
Aurinko's User OAuth Flow enables user-delegated authorization, producing a user session token or httpOnly cookie for managing application user sessions.
Last updated
Aurinko provides multiple Unified OAuth Flows that аre backed by providers' OAuth2 (i.e. Google, Office 365, Zoho Mail, Salesforce, HubSpot, SugarCRM) or by secure password-based authentication (i.e. MS Exchange, IMAP accounts).
This flow uses a user-delegated authorization and produces an Aurinko User with a user session token or httpOnly cookie. This flow is designed for managing application users (user sessions).
The user session token userSession
or the httpOnly cookie is used to access the app user session and all its linked accounts. Two main operations are supported:
Authorizing a primary account and initializing a user session (use &accountRole=primary
parameter)
Authorizing a secondary account for an existing user (use &accountRole=secondary
parameter)
Authorization request
From your application, redirect users to https://api.aurinko.io/v1/auth/authorizeUser
, with the query parameters used by the Account OAuth and specify the additional &accountRole=primary
parameter. Set responseType
to code
or cookie
(default value if not set).
Here's an example authorization request for creating a user :
Adding a secondary account (assuming the user session cookie is already set):
User Consent
Aurinko will present your user with the correct sign-in form based on the requested service type (Google, Office365, EWS). For Exchange users, the user has to enter a login name and an Exchange server url.
Getting the user session
Once the user has signed in and authorized your app's access, their browser will be redirected to the returnUrl
you provided.
Cookie Mode (responseType=cookie
)
If your authentication was successful Aurinko will set a secure httpOnly session cookie before redirecting to you returnUrl.
Example redirect URL: https://your-app.com/callback?state={state}&status=success
Authorization Code Mode (responseType=code
)
If your authentication was successful Aurinko will include the code
parameter in the query string.
Example redirect URL: https://your-app.com/callback?code={code}&state={state}&status=success
Make an HTTP POST call to https://api.aurinko.io/v1/auth/token/{code)}
to exchange the code
for a userSession
and userId
.
Response:
See /auth/token for details. Make sure to securely store the userSession
and provide it as an API Key in the X-Aurinko-Session
header to make API calls on behalf of the user (see Authentication details).