diff --git a/docs/_images/fittrackee_screenshot-08.png b/docs/_images/fittrackee_screenshot-08.png
new file mode 100644
index 00000000..f1f9c38c
Binary files /dev/null and b/docs/_images/fittrackee_screenshot-08.png differ
diff --git a/docs/_sources/apps.rst.txt b/docs/_sources/apps.rst.txt
index 14221126..7ff9f0f5 100644
--- a/docs/_sources/apps.rst.txt
+++ b/docs/_sources/apps.rst.txt
@@ -3,7 +3,7 @@ Third-party applications
(*new in 0.7.0*)
FitTrackee provides a REST API (see `documentation (new in 0.7.0) FitTrackee provides a REST API (see documentation) whose
-most endpoints require authorization/authentication.Third-party applications¶
To allow a third-party application to interact with API endpoints, an OAuth2 client can be created in user settings (‘apps’ tab).
@@ -143,11 +148,12 @@ applications (documentation client (first-party application).FitTrackee supports only Authorization Code -flow (with PKCE support). +flow (with PKCE support). It allows to exchange an authorization code for an access token. The client ID and secret must be sent in the POST body. -It is recommended to use PKCE -to provide a better security.
+It is recommended to use PKCE to provide a better security. +The following scopes are available:
application:write
: grants write access to application configuration (only for users with administration rights),
workouts:read
: grants read access to workouts-related endpoints,
workouts:write
: grants write access to workouts-related endpoints.
The user creates an App (client) on FitTrackee for a third-party application.
+https://<FITTRACKEE_HOST>/profile/apps/authorize
.client_id
: the client id displayed after registration
response_type
: code
, since FitTrackee only supports Authorization Code flow.
scope
: scopes separated with space.
state
: unique value to prevent cross-site request forgery
code_challenge
: string generated from a code verifier
code_challenge_method
: method used to create challenge, for instance “S256”
Note
OAuth2 support is implemented with Authlib library.
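Review bot: In the authorization URL parameter list, `state` is described only as a "unique value to prevent cross-site request forgery" and `code_challenge_method` as "for instance “S256”", which does not tell an integrator what the client has to do with either. Suggest stating that the client generates a fresh `state` per authorization request and rejects the response when the returned value does not match, and recommending `S256` explicitly, since this section already recommends PKCE. The sentence "The client ID and secret must be sent in the POST body" should say that it refers to the request exchanging the authorization code for an access token, so the secret is not mistaken for one of the URL parameters listed here. Minor wording: "It allows to exchange" reads better as "It allows exchanging", and "to provide a better security" as "for better security".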
@@ -175,13 +231,17 @@ to provide a better security.Some resources about OAuth 2.0:
OAuth 2.0 Simplified by Aaron Parecki (example for authorization code flow with PKCE)
Web App Example of OAuth 2 web application flow with Requests-OAuthlib (python)
OAuth 2 Session with Authlib (python)
Minimal example of an application interacting with FitTrackee (python)
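Review bot: In the resources list, only the "OAuth 2.0 Simplified" entry is marked as covering PKCE, although the section recommends PKCE. Suggest noting for the Requests-OAuthlib, Authlib and "Minimal example" entries whether each shows the Authorization Code flow with PKCE, so a reader following the recommendation knows which example to start from.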