Sub-scope synchronization

What is claimed is: 1. A method of synchronizing data between an online data source and a client application, the method comprising: in response to a change in a permission associated with a user to a protected data set included in a shared data space of the online data source, receiving, with the client application associated with the user, a protected data synchronization token issued by the online data source associated with the protected data set; downloading, with the client application, the protected data set included in the shared data space from the online data source to the client application using the protected data synchronization token without re-downloading a public data set included in the shared data space; and after downloading the protected data set, synchronizing the shared data space, including the protected data set and the public data set, between the online data source and the client application using a stored data space synchronization token. 2. The method of claim 1 , further comprising, providing authenticating information, from the client application to the online data source, prior to receiving the protected data synchronization token. 3. The method of claim 2 , wherein providing authenticating information includes completing multi-factor authentication. 4. The method of claim 1 , wherein downloading the protected data set includes downloading a new protected data set included in the shared data space, wherein the change in permission includes the user being granted permission to access the new protected data set and wherein the protected data synchronization token includes an identifier of the new protected data set. 5. The method of claim 1 , wherein synchronizing the shared data space includes synchronizing the shared data space using the stored data space synchronization token and the protected data synchronization token. 6. The method of claim 1 , wherein synchronizing the shared data space includes identifying changes made to the shared data space since a previous synchronization and applying the changes to a locally-stored copy of the shared data space. 7. The method of claim 6 , wherein applying the changes includes applying changes made to the protected data set while the protected data set was being downloaded. 8. The method of claim 1 , further comprising storing the data space synchronization token before downloading the protected data set. 9. A system for synchronizing data between an online data source and a client application, the system comprising: a user device including a memory storing the client application and an electronic processor configured to execute the client application to in response to a change in a permission associated with a user to a first data set included in a shared data space of the online data source, receive a data synchronization token from the online data source associated with the first data set, download the first data set included in the shared data space from the online data source to the client application using the data synchronization token without re-downloading a second data set included in the shared data space, and after downloading the first data set, synchronize the shared data space, including the first data set and the second data set, between the online data source and the client application using a stored data space synchronization token and the data synchronization token associated with the first data set. 10. The system of claim 9 , wherein the electronic processor is further configured to provide authenticating information to the online data source prior to receiving the data synchronization token. 11. The system of claim 10 , wherein the authenticating information includes multi-factor authentication. 12. The system of claim 9 , wherein the electronic processor is configured to download the first data set by downloading a new data set included in the shared data space, wherein the change in permission includes the user being granted permission to access the new data set and wherein the data synchronization token includes an identifier of the new data set. 13. The system of claim 9 , wherein the electronic processor is configured to synchronize the shared data space by identifying changes made to the shared data space since a previous synchronization and applying the changes to a locally-stored copy of the shared data space. 14. The system of claim 13 , wherein the electronic processor is configured to apply the changes by applying changes made to the first data set while the first data set was being downloaded. 15. The system of claim 14 , wherein the electronic processor is further configured to store the data space synchronization token before downloading the first data set. 16. The system of claim 9 , wherein the first data set is a protected data set and the second data set is a public data set. 17. The system of claim 9 , wherein at least a portion of at least one of the first data set and the second data set is encrypted. 18. The system of claim 9 , wherein at least one of the first data set and the second data set includes a plurality of layers of data requiring different levels of authentication. 19. The system of claim 9 , wherein at least one of the first data set and the second data set includes a layer of data including a plurality of scopes, wherein each of the plurality of scopes requires a different level of authentication. 20. A non-transitory computer-readable medium storing instructions that, when executed by an electronic processor, perform a set of functions, the set of functions including: in response to a change in a permission associated with a user to data included in a shared data space of an online data source, the change in the permission including the withdrawal of a permission to a protected data set included in the stored data space receiving, at a client application, a revocation notice from the online data source for a previously received protected data synchronization token associated with the protected data set; and in response to the revocation notice, deleting the protected data synchronization token, deleting the protected data set from a locally-stored copy of the shared data space without deleting a public data set from the locally-stored copy of the shared data space, and after deleting the protected data set, synchronizing the shared data space, including the public data set and excluding the protected data set, between the online source and the client application using a stored data space synchronization token.