<!doctype html> <html class="no-js" lang="fr"> <head><meta charset="utf-8"/> <meta name="viewport" content="width=device-width,initial-scale=1"/> <meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="index" title="Index" href="genindex.html" /><link rel="search" title="Recherche" href="search.html" /><link rel="next" title="Installation" href="installation.html" /><link rel="prev" title="Fonctionnalités" href="features.html" /> <!-- Generated with Sphinx 7.0.1 and Furo 2023.05.20 --> <title>OAuth 2.0 - Documentation FitTrackee 0.7.18</title> <link rel="stylesheet" type="text/css" href="_static/pygments.css" /> <link rel="stylesheet" type="text/css" href="_static/styles/furo.css?digest=e6660623a769aa55fea372102b9bf3151b292993" /> <link rel="stylesheet" type="text/css" href="_static/copybutton.css" /> <link rel="stylesheet" type="text/css" href="_static/styles/furo-extensions.css?digest=30d1aed668e5c3a91c3e3bf6a60b675221979f0e" /> <link rel="stylesheet" type="text/css" href="_static/css/fork-awesome.min.css" /> <link rel="stylesheet" type="text/css" href="_static/css/custom.css" /> <style> body { --color-code-background: #eeffcc; --color-code-foreground: black; } @media not print { body[data-theme="dark"] { --color-code-background: #272822; --color-code-foreground: #f8f8f2; } @media (prefers-color-scheme: dark) { body:not([data-theme="light"]) { --color-code-background: #272822; --color-code-foreground: #f8f8f2; } } } </style></head> <body> <script> document.body.dataset.theme = localStorage.getItem("theme") || "auto"; </script> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-toc" viewBox="0 0 24 24"> <title>Contents</title> <svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024"> <path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 
8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"> <title>Menu</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu"> <line x1="3" y1="12" x2="21" y2="12"></line> <line x1="3" y1="6" x2="21" y2="6"></line> <line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"> <title>Expand</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right"> <polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <symbol id="svg-sun" viewBox="0 0 24 24"> <title>Light mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="feather-sun"> <circle cx="12" cy="12" r="5"></circle> <line x1="12" y1="1" x2="12" y2="3"></line> <line x1="12" y1="21" x2="12" y2="23"></line> <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line> <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line> <line x1="1" y1="12" x2="3" y2="12"></line> <line x1="21" y1="12" x2="23" y2="12"></line> <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line> <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line> </svg> </symbol> <symbol id="svg-moon" viewBox="0 0 24 24"> <title>Dark mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" 
stroke-linejoin="round" class="icon-tabler-moon"> <path stroke="none" d="M0 0h24v24H0z" fill="none" /> <path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" /> </svg> </symbol> <symbol id="svg-sun-half" viewBox="0 0 24 24"> <title>Auto light/dark mode</title> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-shadow"> <path stroke="none" d="M0 0h24v24H0z" fill="none"/> <circle cx="12" cy="12" r="9" /> <path d="M13 12h5" /> <path d="M13 15h4" /> <path d="M13 18h1" /> <path d="M13 9h4" /> <path d="M13 6h1" /> </svg> </symbol> </svg> <input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation"> <input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc"> <label class="overlay sidebar-overlay" for="__navigation"> <div class="visually-hidden">Hide navigation sidebar</div> </label> <label class="overlay toc-overlay" for="__toc"> <div class="visually-hidden">Hide table of contents sidebar</div> </label> <div class="page"> <header class="mobile-header"> <div class="header-left"> <label class="nav-overlay-icon" for="__navigation"> <div class="visually-hidden">Toggle site navigation sidebar</div> <i class="icon"><svg><use href="#svg-menu"></use></svg></i> </label> </div> <div class="header-center"> <a href="index.html"><div class="brand">Documentation FitTrackee 0.7.18 </div></a> </div> <div class="header-right"> <div class="theme-toggle-container theme-toggle-header"> <button class="theme-toggle"> <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div> <svg class="theme-icon-when-auto"><use href="#svg-sun-half"></use></svg> <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg> <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg> </button> </div> <label class="toc-overlay-icon toc-header-icon" for="__toc"> <div 
class="visually-hidden">Toggle table of contents sidebar</div> <i class="icon"><svg><use href="#svg-toc"></use></svg></i> </label> </div> </header> <aside class="sidebar-drawer"> <div class="sidebar-container"> <div class="sidebar-sticky"><a class="sidebar-brand" href="index.html"> <div class="sidebar-logo-container"> <img class="sidebar-logo" src="_static/ft-logo.png" alt="Logo"/> </div> <span class="sidebar-brand-text">Documentation FitTrackee 0.7.18 </span> </a><form class="sidebar-search-container" method="get" action="search.html" role="search"> <input class="sidebar-search" placeholder="Recherche" name="q" aria-label="Recherche"> <input type="hidden" name="check_keywords" value="yes"> <input type="hidden" name="area" value="default"> </form> <div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree"> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="features.html">Fonctionnalités</a></li> <li class="toctree-l1 current current-page"><a class="current reference internal" href="#">OAuth 2.0</a></li> <li class="toctree-l1"><a class="reference internal" href="installation.html">Installation</a></li> <li class="toctree-l1"><a class="reference internal" href="cli.html">Interface de ligne de commande</a></li> <li class="toctree-l1"><a class="reference internal" href="third_party_tools.html">Outils tiers</a></li> <li class="toctree-l1 has-children"><a class="reference internal" href="api/index.html">Documentation de l’API</a><input class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><div class="visually-hidden">Toggle navigation of Documentation de l’API</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l2"><a class="reference internal" href="api/auth.html">Authentification et compte</a></li> <li class="toctree-l2"><a class="reference internal" 
href="api/configuration.html">Configuration</a></li> <li class="toctree-l2"><a class="reference internal" href="api/oauth2.html">OAuth2</a></li> <li class="toctree-l2"><a class="reference internal" href="api/records.html">Records</a></li> <li class="toctree-l2"><a class="reference internal" href="api/sports.html">Sports</a></li> <li class="toctree-l2"><a class="reference internal" href="api/stats.html">Statistiques</a></li> <li class="toctree-l2"><a class="reference internal" href="api/users.html">Utilisateurs</a></li> <li class="toctree-l2"><a class="reference internal" href="api/workouts.html">Séances</a></li> </ul> </li> <li class="toctree-l1 has-children"><a class="reference internal" href="troubleshooting/index.html">Dépannage</a><input class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" role="switch" type="checkbox"/><label for="toctree-checkbox-2"><div class="visually-hidden">Toggle navigation of Dépannage</div><i class="icon"><svg><use href="#svg-arrow-right"></use></svg></i></label><ul> <li class="toctree-l2"><a class="reference internal" href="troubleshooting/administrator.html">Administrateur</a></li> </ul> </li> <li class="toctree-l1"><a class="reference internal" href="changelog.html">Historique des modifications</a></li> </ul> </div> </div><div id="furo-languages" tabindex="0"> <span class="languages-label"> <i class="fa fa-language"></i> </span> <div class="languages-list"> <a href="../en/oauth.html" hreflang=en lang=en> English </a> <a href="../fr/oauth.html" hreflang=fr lang=fr> Français </a> </div> </div> </div> </div> </aside> <div class="main"> <div class="content"> <div class="article-container"> <a href="#" class="back-to-top muted-link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> <path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path> </svg> <span>Back to top</span> </a> <div class="content-icon-container"> <div class="theme-toggle-container theme-toggle-content"> <button 
class="theme-toggle"> <div class="visually-hidden">Toggle Light / Dark / Auto color theme</div> <svg class="theme-icon-when-auto"><use href="#svg-sun-half"></use></svg> <svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg> <svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg> </button> </div> <label class="toc-overlay-icon toc-content-icon" for="__toc"> <div class="visually-hidden">Toggle table of contents sidebar</div> <i class="icon"><svg><use href="#svg-toc"></use></svg></i> </label> </div> <article role="main"> <section id="oauth-2-0"> <h1>OAuth 2.0<a class="headerlink" href="#oauth-2-0" title="Lien permanent vers cette rubrique">#</a></h1> <p>(<em>nouveau dans la version 0.7.0</em>)</p> <p>FitTrackee fournit une API REST (voir <a class="reference external" href="api/index.html">documentation</a>) dont la plupart des points d’accès nécessitent une authentification/autorisation.</p> <p>Pour permettre à une application tierce d’interagir avec les points d’accès de l’API, un client <a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc6749">OAuth2</a> peut être créé dans les paramètres de l’utilisateur (onglet “apps”).</p> <div class="admonition warning"> <p class="admonition-title">Avertissement</p> <p>Les points d’entrée OAuth2 nécessitant une authentification ne sont pas accessibles par des applications tierces (<a class="reference external" href="api/oauth2.html">documentation</a>), seulement par l’application web de FitTrackee.</p> </div> <p>Seul le flux avec <a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1">Code d’Autorisation</a> (avec prise en charge de <a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc7636">PKCE</a>) est pris en charge. Il permet d’échanger un code d’autorisation contre un jeton d’accès. L’identifiant et le secret du client doivent être envoyés dans le corps du message (méthode « POST »). 
Il est recommandé d’utiliser PKCE pour assurer une meilleure sécurité.</p> <section id="scopes"> <h2>Scopes<a class="headerlink" href="#scopes" title="Lien permanent vers cette rubrique">#</a></h2> <p>Les scopes suivants sont disponibles :</p> <ul class="simple"> <li><p><code class="docutils literal notranslate"><span class="pre">application:write</span></code> : permet d’accéder en écriture à la configuration de l’application (uniquement pour les utilisateurs ayant des droits d’administration),</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">profile:read</span></code> : accorde un accès en lecture aux points d’entrée d’authentification/profil utilisateur,</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">profile:write</span></code> : accorde l’accès en écriture aux points d’entrée d’authentification/profil utilisateur,</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">users:read</span></code> : accorde un accès en lecture aux points d’entrée des utilisateurs,</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">users:write</span></code> : accorde un accès en écriture aux points d’entrée des utilisateurs,</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">workouts:read</span></code> : accorde un accès en lecture aux points d’entrée associés aux séances,</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">workouts:write</span></code> : accorde un accès en écriture aux points d’entrée associés aux séances.</p></li> </ul> </section> <section id="flow"> <h2>Flux<a class="headerlink" href="#flow" title="Lien permanent vers cette rubrique">#</a></h2> <ul> <li><p>L’utilisateur crée une application (client) sur FitTrackee pour une application tierce.</p> <figure class="align-default"> <img alt="Création d'un client OAuth2 sur FitTrackee" src="_images/fittrackee_screenshot-07.png" /> </figure> <div class="line-block"> 
<div class="line">Après l’enregistrement, l’identifiant et le secret du client sont affichés.</div> <div class="line">Ils doivent être stockés dans l’application tierce par l’utilisateur.</div> </div> </li> <li><div class="line-block"> <div class="line">L’application tierce doit rediriger vers FitTrackee, afin que l’utilisateur puisse autoriser l’application tierce à accéder aux données de l’utilisateur sur FitTrackee.</div> </div> <figure class="align-default"> <img alt="Autorisation de l'application sur FitTrackee" src="_images/fittrackee_screenshot-08.png" /> </figure> <div class="line-block"> <div class="line">L’URL pour l’autorisation est <code class="docutils literal notranslate"><span class="pre">https://&lt;FITTRACKEE_HOST&gt;/profile/apps/authorize</span></code>.</div> <div class="line">Les paramètres requis sont les suivants :</div> </div> <ul class="simple"> <li><p><code class="docutils literal notranslate"><span class="pre">client_id</span></code> : l’identifiant du client affiché après l’enregistrement</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">response_type</span></code> : <code class="docutils literal notranslate"><span class="pre">code</span></code>, FitTrackee ne supportant que le flux avec code d’autorisation.</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">scope</span></code> : scopes séparés par des espaces.</p></li> </ul> <div class="line-block"> <div class="line">et des paramètres facultatifs :</div> </div> <ul class="simple"> <li><p><code class="docutils literal notranslate"><span class="pre">state</span></code> : valeur unique pour empêcher la falsification des requêtes entre les sites (<em>cross-site request forgery</em>, CSRF)</p></li> </ul> <div class="line-block"> <div class="line">Pour PKCE, les paramètres suivants sont obligatoires :</div> </div> <ul class="simple"> <li><p><code class="docutils literal notranslate"><span class="pre">code_challenge</span></code> : chaîne de 
caractères générée à partir d’un vérificateur de code</p></li> <li><p><code class="docutils literal notranslate"><span class="pre">code_challenge_method</span></code> : méthode utilisée pour créer le challenge, par exemple « S256 »</p></li> </ul> <div class="line-block"> <div class="line">Exemple pour PKCE :</div> <div class="line"><code class="docutils literal notranslate"><span class="pre">https://&lt;FITTRACKEE_HOST&gt;/profile/apps/authorize?response_type=code&amp;client_id=&lt;CLIENT_ID&gt;&amp;scope=profile%3Aread+workouts%3Awrite&amp;state=&lt;STATE&gt;&amp;code_challenge=&lt;CODE_CHALLENGE&gt;&amp;code_challenge_method=S256</span></code></div> </div> </li> <li><div class="line-block"> <div class="line">Après autorisation, FitTrackee redirige vers l’application tierce, de sorte que l’application tierce puisse obtenir le code d’autorisation à partir de l’URL de redirection et récupérer ensuite un jeton d’accès avec l’identifiant et le secret du client (point d’accès <a class="reference external" href="https://samr1.github.io/FitTrackee/api/oauth2.html#post--api-oauth-token">/api/oauth/token</a>).</div> <div class="line">Exemple d’URL de redirection :</div> <div class="line"><code class="docutils literal notranslate"><span class="pre">https://example.com/callback?code=&lt;AUTHORIZATION_CODE&gt;&amp;state=&lt;STATE&gt;</span></code></div> </div> </li> </ul> <div class="admonition note"> <p class="admonition-title">Note</p> <p>La prise en charge d’OAuth2 est mise en œuvre avec la bibliothèque <a class="reference external" href="https://docs.authlib.org/en/latest/">Authlib</a>.</p> </div> <div class="admonition warning"> <p class="admonition-title">Avertissement</p> <div class="line-block"> <div class="line">Si FitTrackee fonctionne derrière un <em>proxy</em>, l’en-tête <code class="docutils literal notranslate"><span class="pre">X-Forwarded-Proto</span></code> doit être défini.</div> <div class="line">Par exemple pour <code class="docutils literal notranslate"><span class="pre">nginx</span></code> :</div> </div> 
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>proxy_set_header X-Forwarded-Proto $scheme; </pre></div> </div> </div> </section> <section id="resources"> <h2>Ressources<a class="headerlink" href="#resources" title="Lien permanent vers cette rubrique">#</a></h2> <p>Quelques ressources sur OAuth 2.0 :</p> <ul class="simple"> <li><p><a class="reference external" href="https://www.oauth.com">OAuth 2.0 Simplified</a> par <a class="reference external" href="https://aaronparecki.com">Aaron Parecki</a> (exemple pour le flux avec le <a class="reference external" href="https://www.oauth.com/oauth2-servers/server-side-apps/example-flow/">code d’autorisation et PKCE</a>)</p></li> <li><p><a class="reference external" href="https://requests-oauthlib.readthedocs.io/en/latest/examples/real_world_example.html">Web App Example of OAuth 2 web application flow</a> avec Requests-OAuthlib (python)</p></li> <li><p><a class="reference external" href="https://docs.authlib.org/en/latest/client/oauth2.html#oauth-2-session">OAuth 2 Session</a> avec Authlib (python)</p></li> <li><p><a class="reference external" href="https://codeberg.org/SamR1/ft-oauth-client">Exemple d’une application minimale interagissant avec FitTrackee</a> (python)</p></li> </ul> </section> </section> </article> </div> <footer> <div class="related-pages"> <a class="next-page" href="installation.html"> <div class="page-info"> <div class="context"> <span>Next</span> </div> <div class="title">Installation</div> </div> <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg> </a> <a class="prev-page" href="features.html"> <svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg> <div class="page-info"> <div class="context"> <span>Previous</span> </div> <div class="title">Fonctionnalités</div> </div> </a> </div> <div class="bottom-of-page"> <div class="left-details"> <div class="copyright"> Copyright © 2018 - 2023, SamR1 </div> Made with <a 
href="https://www.sphinx-doc.org/">Sphinx</a> and <a class="muted-link" href="https://pradyunsg.me">@pradyunsg</a>'s <a href="https://github.com/pradyunsg/furo">Furo</a> </div> <div class="right-details"> <div class="icons"> <a class="muted-link fa fa-github fa-lg" href="https://github.com/SamR1/FitTrackee" aria-label="GitHub"></a> <a class="muted-link fa fa-mastodon fa-lg" rel="me" href="https://fosstodon.org/@FitTrackee" aria-label="Mastodon"></a> </div> </div> </div> </footer> </div> <aside class="toc-drawer"> <div class="toc-sticky toc-scroll"> <div class="toc-title-container"> <span class="toc-title"> On this page </span> </div> <div class="toc-tree-container"> <div class="toc-tree"> <ul> <li><a class="reference internal" href="#">OAuth 2.0</a><ul> <li><a class="reference internal" href="#scopes">Scopes</a></li> <li><a class="reference internal" href="#flow">Flux</a></li> <li><a class="reference internal" href="#resources">Ressources</a></li> </ul> </li> </ul> </div> </div> </div> </aside> </div> </div><script data-url_root="./" id="documentation_options" src="_static/documentation_options.js"></script> <script src="_static/doctools.js"></script> <script src="_static/sphinx_highlight.js"></script> <script src="_static/scripts/furo.js"></script> <script src="_static/clipboard.min.js"></script> <script src="_static/copybutton.js"></script> <script src="_static/translations.js"></script> </body> </html>