<li><p><code class="docutils literal notranslate"><span class="pre">application:write</span></code>: grants write access to application configuration (only for users with administration rights),</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">profile:read</span></code>: grants read access to auth endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">profile:write</span></code>: grants write access to auth endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">users:read</span></code>: grants read access to users endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">users:write</span></code>: grants write access to users endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">workouts:read</span></code>: grants read access to workouts-related endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">workouts:write</span></code>: grants write access to workouts-related endpoints.</p></li>
<div class="line">After registration, the client id and secret are shown.</div>
<div class="line">They must be stored in the 3rd-party application by the user.</div>
</div>
</li>
<li><div class="line-block">
<div class="line">The 3rd-party app needs to redirect to FitTrackee, in order for the user to authorize the 3rd-party app to access user data on FitTrackee.</div>
</div>
<figure class="align-default">
<img alt="App authorization on FitTrackee" src="_images/fittrackee_screenshot-08.png"/>
</figure>
<div class="line-block">
<div class="line">The authorization URL is <code class="docutils literal notranslate"><span class="pre">https://&lt;FITTRACKEE_HOST&gt;/profile/apps/authorize</span></code>.</div>
<li><p><code class="docutils literal notranslate"><span class="pre">client_id</span></code>: the client id displayed after registration</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">response_type</span></code>: <code class="docutils literal notranslate"><span class="pre">code</span></code>, since FitTrackee only supports the Authorization Code flow.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">scope</span></code>: scopes separated by spaces.</p></li>
</ul>
<div class="line-block">
<div class="line">and optional parameters:</div>
</div>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">state</span></code>: unique value to prevent cross-site request forgery</p></li>
</ul>
<div class="line-block">
<div class="line">For PKCE, the following parameters are mandatory:</div>
</div>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">code_challenge</span></code>: string generated from a code verifier</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">code_challenge_method</span></code>: method used to create the challenge, for instance “S256”</p></li>
<div class="line">After the authorization, FitTrackee redirects to the 3rd-party app, so the 3rd-party app can get the authorization code from the redirect URL and then fetch an access token with the client id and secret (endpoint <a class="reference external" href="https://samr1.github.io/FitTrackee/api/oauth2.html#post--api-oauth-token">/api/oauth/token</a>).</div>
<p>OAuth2 support is implemented with the <a class="reference external" href="https://docs.authlib.org/en/latest/">Authlib</a> library.</p>
</div>
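<p>The authorization request and the redirect check described above, as an added example that is not FitTrackee's own code nor taken from this documentation: it builds the authorization URL with <code class="docutils literal notranslate"><span class="pre">state</span></code> and an S256 PKCE challenge, then accepts the authorization code only when the returned state matches. The host, client id and callback URL are constructed placeholders, and the <code class="docutils literal notranslate"><span class="pre">code</span></code> and <code class="docutils literal notranslate"><span class="pre">state</span></code> callback parameters are assumed to follow standard OAuth 2.0.</p>

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_PATH = "/profile/apps/authorize"  # path from the documentation above


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(host, client_id, scopes, state, code_verifier):
    """Assemble the query parameters listed above; only the challenge leaves the app."""
    params = {
        "client_id": client_id,
        "response_type": "code",  # Authorization Code flow
        "scope": " ".join(scopes),  # space-separated scopes
        "state": state,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"https://{host}{AUTHORIZE_PATH}?{urlencode(params)}"


def code_from_redirect(redirect_url: str, expected_state: str) -> str:
    """Return the authorization code, rejecting callbacks with a foreign state."""
    query = parse_qs(urlsplit(redirect_url).query)
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed values: host, client id and callback URL are placeholders.
    verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43-128 allowed
    state = secrets.token_urlsafe(32)  # keep verifier and state in the session
    print(build_authorization_url("fittrackee.example.org", "constructed-client-id",
                                  ["workouts:read", "profile:read"], state, verifier))
    callback = f"https://app.example.org/callback?code=constructed-code&state={state}"
    print(code_from_redirect(callback, state))
```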
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<div class="line-block">
<div class="line">If FitTrackee is running behind a proxy, the <code class="docutils literal notranslate"><span class="pre">X-Forwarded-Proto</span></code> header must be set.</div>
<div class="line">For instance for <cite>nginx</cite>:</div>
<li><p><a class="reference external" href="https://requests-oauthlib.readthedocs.io/en/latest/examples/real_world_example.html">Web App Example of OAuth 2 web application flow</a> with Requests-OAuthlib (python)</p></li>
<li><p><a class="reference external" href="https://docs.authlib.org/en/latest/client/oauth2.html#oauth-2-session">OAuth 2 Session</a> with Authlib (python)</p></li>
<li><p><a class="reference external" href="https://codeberg.org/SamR1/ft-oauth-client">Minimal example of an application interacting with FitTrackee</a> (python)</p></li>