OAuth2
- GET /api/oauth/apps
Get the OAuth2 clients (apps) of the authenticated user, with pagination (5 clients per page).
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
without parameters:
GET /api/oauth/apps HTTP/1.1 Content-Type: application/json
with ‘page’ parameter:
GET /api/oauth/apps?page=2 HTTP/1.1 Content-Type: application/json
Example response:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "data": { "clients": [ { "client_description": "", "client_id": "o22a27s2aBPUoxJbxV3UjDOx", "id": 1, "issued_at": "Thu, 14 July 2022 06:27:53 GMT", "name": "GPX Importer", "redirect_uris": [ "https://example.com/callback" ], "scope": "profile:read workouts:write", "website": "https://example.com" } ] }, "pagination": { "has_next": false, "has_prev": false, "page": 1, "pages": 1, "total": 1 }, "status": "success" }
- Query Parameters:
page (integer) – page for pagination (default: 1)
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
200 OK –
success
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
- POST /api/oauth/apps
Create an OAuth2 client (app) for the authenticated user. This response is the only place the client_secret is returned (the GET endpoints below omit it), so store it securely at creation time.
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
POST /api/oauth/apps HTTP/1.1 Content-Type: application/json
Example response:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "data": { "client": { "client_description": "", "client_id": "o22a27s2aBPUoxJbxV3UjDOx", "client_secret": "<CLIENT SECRET>", "id": 1, "issued_at": "Thu, 14 July 2022 06:27:53 GMT", "name": "GPX Importer", "redirect_uris": [ "https://example.com/callback" ], "scope": "profile:read workouts:write", "website": "https://example.com" } }, "status": "created" }
- JSON Parameters:
client_name (string) – client name
client_uri (string) – client URL
redirect_uri (array) – list of client redirect URLs (string)
scope (string) – client scopes, space-separated (for instance "profile:read workouts:write")
client_description (string) – client description (optional)
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
200 OK –
success
400 Bad Request –
invalid payload
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
- GET /api/oauth/apps/(string: client_client_id)
Get an OAuth2 client (app) by its ‘client_id’.
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
GET /api/oauth/apps/o22a27s2aBPUoxJbxV3UjDOx HTTP/1.1 Content-Type: application/json
Example responses:
success:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "data": { "client": { "client_description": "", "client_id": "o22a27s2aBPUoxJbxV3UjDOx", "id": 1, "issued_at": "Thu, 14 July 2022 06:27:53 GMT", "name": "GPX Importer", "redirect_uris": [ "https://example.com/callback" ], "scope": "profile:read workouts:write", "website": "https://example.com" } }, "status": "success" }
not found:
HTTP/1.1 404 NOT FOUND Content-Type: application/json { "status": "not found", "message": "OAuth2 client not found" }
- Parameters:
client_client_id (string) – the client’s public ‘client_id’ (not its integer ‘id’)
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
200 OK –
success
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
404 Not Found –
OAuth2 client not found
- GET /api/oauth/apps/(int: client_id)/by_id
Get an OAuth2 client (app) by id (integer value).
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
GET /api/oauth/apps/1/by_id HTTP/1.1 Content-Type: application/json
Example responses:
success:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "data": { "client": { "client_description": "", "client_id": "o22a27s2aBPUoxJbxV3UjDOx", "id": 1, "issued_at": "Thu, 14 July 2022 06:27:53 GMT", "name": "GPX Importer", "redirect_uris": [ "https://example.com/callback" ], "scope": "profile:read workouts:write", "website": "https://example.com" } }, "status": "success" }
not found:
HTTP/1.1 404 NOT FOUND Content-Type: application/json { "status": "not found", "message": "OAuth2 client not found" }
- Parameters:
client_id (integer) – OAuth2 client id
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
200 OK –
success
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
404 Not Found –
OAuth2 client not found
- DELETE /api/oauth/apps/(int: client_id)
Delete an OAuth2 client (app).
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
DELETE /api/oauth/apps/1 HTTP/1.1 Content-Type: application/json
Example response:
HTTP/1.1 204 NO CONTENT Content-Type: application/json
- Parameters:
client_id (integer) – OAuth2 client id
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
204 No Content – OAuth2 client deleted
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
404 Not Found –
OAuth2 client not found
- POST /api/oauth/apps/(int: client_id)/revoke
Revoke all tokens associated with an OAuth2 client (app).
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
POST /api/oauth/apps/1/revoke HTTP/1.1 Content-Type: application/json
Example response:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "status": "success" }
- Parameters:
client_id (integer) – OAuth2 client id
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
200 OK –
success
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
404 Not Found –
OAuth2 client not found
- POST /api/oauth/authorize
Authorize an OAuth2 client (app). On success the server redirects to the client’s registered redirect URI with the authorization code (and the ‘state’ value, if one was sent) in the query string; the client then exchanges that code for a token at /api/oauth/token.
This endpoint is only accessible by FitTrackee client (first-party application).
Example request:
POST /api/oauth/authorize HTTP/1.1 Content-Type: multipart/form-data
Example response:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "status": "success" }
- Form Parameters:
string client_id – OAuth2 client ‘client_id’
string response_type – client response type (only ‘code’ is supported by FitTrackee)
string scopes – OAuth2 client scopes
boolean confirm – confirmation (must be true)
string state – unique value to prevent cross-site request forgery (not mandatory but recommended)
string code_challenge – string generated from a code verifier (for PKCE, not mandatory but recommended)
string code_challenge_method – method used to create challenge, for instance “S256” (mandatory if code_challenge provided)
- Request Headers:
Authorization – OAuth 2.0 Bearer Token
- Status Codes:
200 OK –
success
400 Bad Request –
invalid payload
errors returned by Authlib library
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
- POST /api/oauth/token
Issue or refresh token for a given OAuth2 client (app).
Example request:
POST /api/oauth/token HTTP/1.1 Content-Type: multipart/form-data
Example response:
HTTP/1.1 200 SUCCESS Content-Type: application/json { "access_token": "rOEHv64THCG28WcewZHRnVLUsOdUvw8NVnHKCmL57e", "expires_in": 864000, "refresh_token": "NuV9cY8VQOnrQKHTZ5pQAq2Zw7mSH0MorNPJr14AmSwD6f6I", "scope": ["profile:read", "workouts:write"], "token_type": "Bearer", "expires_at": 1658660147.0667062 }
- Form Parameters:
string client_id – OAuth2 client ‘client_id’
string client_secret – OAuth2 client secret
string grant_type – OAuth2 client grant type (only ‘authorization_code’ (for token issue) and ‘refresh_token’ (for token refresh) are supported by FitTrackee)
string code – code generated after authorizing the client (for token issue)
string code_verifier – code verifier matching the ‘code_challenge’ sent to /api/oauth/authorize (for token issue with PKCE; not mandatory when no challenge was sent)
string refresh_token – refresh token (for token refresh)
- Status Codes:
200 OK –
success
400 Bad Request – errors returned by Authlib library
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again
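The two-step exchange documented above (POST /api/oauth/authorize, then POST /api/oauth/token, plus the refresh_token grant), as an added Python example that is not FitTrackee’s own client code. It assumes a hypothetical BASE_URL, a placeholder CLIENT_SECRET, a first-party user token for the authorize step, and that the authorize endpoint answers with a redirect to the registered redirect URI as the text describes; the client_id and redirect URI are the ones from the examples on this page. The helpers generate the PKCE verifier/challenge (S256), reject a callback whose ‘state’ does not match, and build the token and refresh request bodies.

```python
"""Authorization-code + PKCE flow against the FitTrackee OAuth2 endpoints.
Added example, not FitTrackee's client code. BASE_URL, CLIENT_SECRET and the
user token passed to run_flow() are assumptions / placeholders."""
import base64
import hashlib
import json
import secrets
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://fittrackee.example"          # assumption: hypothetical host
CLIENT_ID = "o22a27s2aBPUoxJbxV3UjDOx"           # client_id from the docs' examples
CLIENT_SECRET = "<CLIENT SECRET>"                # placeholder, returned once at creation
REDIRECT_URI = "https://example.com/callback"    # registered redirect_uri from the examples


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """32 random bytes -> 43-char verifier (RFC 7636 allows 43..128 chars)."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorize_form(scopes: str, state: str, verifier: str) -> dict:
    """Form fields for POST /api/oauth/authorize; confirm must be 'true'."""
    return {
        "client_id": CLIENT_ID,
        "response_type": "code",             # only 'code' is supported
        "scopes": scopes,
        "confirm": "true",
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }


def parse_callback(redirect_url: str, expected_state: str) -> str:
    """Pull the code out of the redirect URL, rejecting a state mismatch."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF or mixed-up response")
    if "code" not in query:
        raise ValueError(f"no code in callback, error={query.get('error')}")
    return query["code"][0]


def token_form(code: str, verifier: str) -> dict:
    """Form fields for the authorization_code grant at POST /api/oauth/token."""
    return {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "grant_type": "authorization_code",
        "code": code,
        "code_verifier": verifier,           # must match the challenge sent above
    }


def refresh_form(refresh_token: str) -> dict:
    """Form fields for the refresh_token grant at POST /api/oauth/token."""
    return {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
    }


def needs_refresh(token: dict, now: float, skew: float = 60.0) -> bool:
    """True when the access token is expired or within `skew` seconds of it."""
    return now + skew >= float(token["expires_at"])


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # The authorize endpoint redirects to REDIRECT_URI; we want the Location
    # header, not to follow it. Returning None makes urlopen raise HTTPError.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def post_form(path: str, form: dict, bearer: str = "") -> dict:
    """POST urlencoded form fields (Flask reads these as form data, like multipart)."""
    body = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(BASE_URL + path, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    if bearer:
        req.add_header("Authorization", f"Bearer {bearer}")
    try:
        with urllib.request.build_opener(_NoRedirect).open(req) as resp:
            return {"status": resp.status, "body": json.load(resp)}
    except urllib.error.HTTPError as err:
        return {"status": err.code, "location": err.headers.get("Location"),
                "body": err.read().decode(errors="replace")}


def run_flow(user_token: str) -> dict:
    """End-to-end: authorize with the first-party token, then exchange the code."""
    verifier, state = make_code_verifier(), secrets.token_urlsafe(16)
    auth = post_form("/api/oauth/authorize",
                     authorize_form("profile:read workouts:write", state, verifier),
                     bearer=user_token)
    if not auth.get("location"):
        raise RuntimeError(f"authorize did not redirect: {auth}")
    code = parse_callback(auth["location"], state)
    return post_form("/api/oauth/token", token_form(code, verifier))["body"]
```

The verifier is kept client-side and only its hash travels in the authorize request, so a leaked authorization code cannot be redeemed without it; the state check stops a code minted for a different session from being accepted at the callback.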
- POST /api/oauth/revoke
Revoke a token for a given OAuth2 client (app).
Example request:
POST /api/oauth/revoke HTTP/1.1 Content-Type: multipart/form-data
Example response:
HTTP/1.1 200 SUCCESS Content-Type: application/json {}
- Form Parameters:
string client_id – OAuth2 client ‘client_id’
string client_secret – OAuth2 client secret
string token – access token to revoke
- Status Codes:
200 OK –
success
400 Bad Request – errors returned by Authlib library
401 Unauthorized –
provide a valid auth token
signature expired, please log in again
invalid token, please log in again