Request profile:read_all scope for detailed athlete data #64

Merged
benCoomes merged 3 commits into main from copilot/request-profile-read-all-scope
Feb 1, 2026

Copilot AI commented Jan 31, 2026

Equipper currently requests only summary athlete data from Strava. Adding profile:read_all scope enables access to detailed athlete information including gear (bikes, shoes) and user preferences (measurement units, date format).

Changes

  • Website/index.html: Added profile:read_all to OAuth scope parameter
// Before
scope=read,activity:read,activity:write

// After  
scope=read,activity:read,activity:write,profile:read_all

The AuthScopes model and validation logic already supported this scope - it was simply not requested during OAuth flow.

Additional Fields Accessible

With detailed athlete responses:

  • bikes, shoes - gear inventory
  • measurement_preference - feet/meters
  • ftp, weight, clubs - performance and social data
  • follower_count, friend_count

Note: PII fields (name, email) are already in summary athlete responses, so this introduces no new privacy concerns.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • aka.ms
    • Triggering command: /usr/bin/curl curl -I -sSL --retry 5 --retry-delay 2 --connect-timeout 15 REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Request profile:read_all scope</issue_title>
<issue_description>Equipper should request profile:read_all scope from users.

Without profile:read_all, athlete responses are summary athletes. Having profile:read_all allows Equipper to access detailed athletes.

Detailed athletes have a few extra fields that will be very helpful for equipper:

  • Gear details
  • preferred units of measurement & date format

A complete list of extra fields is below, and shows that the more sensitive fields (PII) are included in the summary anyways. So, requesting profile:read_all doesn't introduce any new security concerns:

| additional field | description |
| --- | --- |
| follower_count | The athlete's follower count. |
| friend_count | The athlete's friend count. |
| measurement_preference | The athlete's preferred unit system. May take one of the following values: feet, meters |
| ftp | The athlete's FTP (Functional Threshold Power). |
| weight | The athlete's weight. |
| clubs | The athlete's clubs. |
| bikes | The athlete's bikes. |
| shoes | The athlete's shoes. |

</issue_description>

Comments on the Issue (you are @copilot in this section)


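An added illustration of the scope change discussed in this pull request (not code from the Equipper repository): Strava lets the athlete deselect individual scopes on the consent screen and reports the accepted ones in the `scope` parameter of the redirect, so the callback should confirm what was actually granted before relying on detailed athlete fields. The function names, the required/optional split, and the callback URLs are assumptions made for this example.

```javascript
// Hypothetical helper names; the scope strings are the ones requested in this PR.
const REQUIRED_SCOPES = ["read", "activity:read", "activity:write"];
const OPTIONAL_SCOPES = ["profile:read_all"]; // unlocks detailed athlete fields (gear, units)

// Build the authorization URL with every scope the app wants, plus an anti-CSRF state value.
function buildAuthorizeUrl(clientId, redirectUri, state) {
  const url = new URL("https://www.strava.com/oauth/authorize");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("state", state);
  url.searchParams.set("scope", [...REQUIRED_SCOPES, ...OPTIONAL_SCOPES].join(","));
  return url.toString();
}

// Inspect the redirect the browser lands on after the consent screen.
function checkGrantedScopes(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) {
    return { ok: false, reason: "denied" };
  }
  // Reject callbacks that do not carry the state value issued for this session.
  if (params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  const granted = new Set(
    (params.get("scope") || "").split(",").map((s) => s.trim()).filter(Boolean)
  );
  const missing = REQUIRED_SCOPES.filter((s) => !granted.has(s));
  if (missing.length > 0) {
    return { ok: false, reason: "missing_scopes", missing };
  }
  // Without profile:read_all the athlete endpoint returns a summary athlete only,
  // so callers should fall back instead of assuming bikes/shoes are present.
  return { ok: true, detailedAthlete: granted.has("profile:read_all") };
}
```

A caller would treat `detailedAthlete: false` as a signal to skip gear and unit-preference features rather than as an error.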

Co-authored-by: benCoomes <14079296+benCoomes@users.noreply.github.com>
Copilot AI changed the title [WIP] Request profile:read_all scope for athlete data Request profile:read_all scope for detailed athlete data Jan 31, 2026
Copilot AI requested a review from benCoomes January 31, 2026 19:19
@benCoomes benCoomes marked this pull request as ready for review February 1, 2026 18:43
github-actions bot commented Feb 1, 2026

Azure Static Web Apps: Your stage site is ready! Visit it here: https://kind-ocean-0a357fa0f-64.eastus2.azurestaticapps.net

@benCoomes benCoomes merged commit 5d982c6 into main Feb 1, 2026
3 checks passed
Development

Successfully merging this pull request may close these issues.

Request profile:read_all scope