Authorize a 3rd party client to access komoot on behalf of a user

Initiates the auth flow, which redirects to the komoot login page and afterwards back to the redirect URI. In more detail, this request returns a 302 to the komoot login page, which you need to follow. The redirect URL is called regardless of whether the user successfully logged in and authorized your application or canceled. When the user authorization was not successful, the call to the redirect URL contains error=access_denied as a query parameter. After a successful login, it includes the code parameter in the query.

get

Request authorization

Authorize a 3rd party client to access komoot on behalf of a user using the device_code grant type

Initiates the auth flow and returns a code and a verification URL. This information must be displayed to the user so that they can go to the verification URL and enter the code there. In the next step, the user finishes the usual OAuth2 approval flow. The device/watch polls the API while showing the user code. The API returns OAuth2 tokens once the user has completed the approval flow on the web.

post

Start device code flow

Obtain access token and refresh token for a user

Retrieves an access token for the user. The redirect_uri supplied to the authorize call is called on success as well as on failure. On success, the query includes the code necessary to retrieve the token and the state that was passed into the authorize request. On error, the query on the redirect URL contains no code; instead it contains error=access_denied. A 400 response to a request with grant_type=refresh_token and { "error": "invalid_grant" } in the JSON body means the refresh token is no longer valid or the user disconnected. In this case you need to perform the full authentication again (that is, show the login screen or start the device code flow).

post

Retrieve an access token for the user
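
The redirect handling and the refresh failure case described above, as an added example that is not part of the komoot documentation. The function names, the client.example callback host and the sample values are assumptions; the check that the returned state equals the one the client sent is standard OAuth2 client practice.

```python
import hmac
from urllib.parse import parse_qs, urlsplit


def handle_redirect(callback_url: str, expected_state: str) -> dict:
    """Classify a call to the redirect URI as authorized, denied or rejected."""
    query = parse_qs(urlsplit(callback_url).query)
    # A repeated parameter is ambiguous, so refuse it rather than pick one.
    if any(len(values) != 1 for values in query.values()):
        return {"status": "rejected", "reason": "repeated parameter"}
    params = {name: values[0] for name, values in query.items()}

    if params.get("error") == "access_denied":
        return {"status": "denied"}  # user canceled or did not authorize

    code, state = params.get("code"), params.get("state")
    if not code or not state:
        return {"status": "rejected", "reason": "missing code or state"}
    # The state must be the one this client passed into the authorize request;
    # compare in constant time and never exchange a code that arrives without it.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return {"status": "rejected", "reason": "state mismatch"}
    return {"status": "authorized", "code": code}


def needs_full_reauth(grant_type: str, http_status: int, body: dict) -> bool:
    """True when a refresh attempt failed because the refresh token is dead."""
    return (grant_type == "refresh_token" and http_status == 400
            and body.get("error") == "invalid_grant")


if __name__ == "__main__":
    # Constructed sample callbacks; client.example is a placeholder host.
    base = "https://client.example/callback"
    for url in (base + "?code=SAMPLE_CODE&state=st-1",
                base + "?error=access_denied",
                base + "?code=SAMPLE_CODE&state=forged"):
        print(handle_redirect(url, "st-1"))
    print(needs_full_reauth("refresh_token", 400, {"error": "invalid_grant"}))
```
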

Disconnect connection of user

Allows you to "log out" a user by removing the refresh token, thereby disconnecting the user's connection.

delete

Allows you to "log out" a user by removing the refresh token, thereby disconnecting the user's connection.