Skip to main content

Hello everyone!

I have a question regarding when a user authorizes an application linked to strava to get his data and based on that, you get the id of the athlete of that user, his accesstoken and refresh token.
My question is, when a user accepts the terms of the application he is joining, if he previously linked to another application, the tokens of that previous application will have expired, right? Because when it is linked to the new application it generates both new access token and refresh.

Is there no way to persist minimizing the same refresh?
Or any way to access the information of a user without the tokens of that same user?

Perhaps using the tokens listed in the API config?
The documentation always talks about the authenticated user, but in cases where a user is linked to several applications, it is difficult to always have the tokens due to the rotation that is generated when linking to a new application.

 

My question is, when a user accepts the terms of the application he is joining, if he previously linked to another application, the tokens of that previous application will have expired, right? Because when it is linked to the new application it generates both new access token and refresh.

Tokens are unique to each app. If a user has 2 apps authorized for their account, each app will have its own refresh and access token specific to that user. The tokens don't expire when a new app is added.

Is there no way to persist minimizing the same refresh?
Or any way to access the information of a user without the tokens of that same user?


All of the API calls require a valid token. If you don't pass a valid token you will get back an error response.

Access tokens expire after a short time (a few hours). Once it expires you will need to use the refresh token to request a new, updated access token. There is no way to persist the tokens for longer than their default expiry.

 


Perhaps using the tokens listed in the API config?
The documentation always talks about the authenticated user, but in cases where a user is linked to several applications, it is difficult to always have the tokens due to the rotation that is generated when linking to a new application.

The tokens in the API config are your own private tokens. They only apply to you and your app and cannot be used to access other user's data.

As I said above, the tokens do not rotate or expire when linking a new app. Tokens are per-app, so a user can have an unlimited number of apps connected and they will all work. Each app will have its own tokens.


Reply