When external applications request Front API access through OAuth2, they are limited to the "shared resources" scope, which grants access to API resources belonging to shared workspaces. This idea suggests expanding the available scopes that a user could grant to an OAuth client, including a scope for accessing otherwise private individual teammate resources.
OAuth clients are also limited from accessing knowledge base resources at the moment. It would be nice to add that as a scope as well.