Skip to main content
Solved

invalid token exchange authorization codes?

C
Forum|alt.badge.img+7

So 99% of the time my token exchange process works just fine, but occasionally Strava responds with a "Bad Request" message.

I've confirmed that each authorization request is accepted, and I receive a query string formatted as expected, looking like:

"code":"012345ab6c7d89e48d7e92a0e381024deb1f0a7b",
"scope":"activity:read_all,activity:write,profile:read_all,read,read_all"

but occasionally the POST call to https://www.strava.com/oauth/token receives this response:

{ "message":"Bad Request",
  "errors": [{
    "resource":"AuthorizationCode",
    "field":"code",
    "code":"invalid"
  }]
}

This issue is so intermittent that I can't reproduce it, but I'm sure I only try to use the short-lived code once...

Any ideas what might be going wrong? 

Best answer by Elliott

Hi Cyril, 

If you've taken all of the steps to troubleshoot what could have caused the Bad Request error and are still experiencing issues, you can always reach out to us at developers@strava.com and we can investigate the issue further and see if there's anything we can identify on our side. 

- Elliott

View original
Did this topic help you find an answer to your question?

6 replies

E
Community Manager
Forum|alt.badge.img+20
  • ElliottCommunity Manager
  • Community Manager
  • 132 replies
  • Answer
  • February 2, 2023

Hi Cyril, 

If you've taken all of the steps to troubleshoot what could have caused the Bad Request error and are still experiencing issues, you can always reach out to us at developers@strava.com and we can investigate the issue further and see if there's anything we can identify on our side. 

- Elliott

A
Forum|alt.badge.img+2

@Cyril Did you got the solution to this problem ? I created an app and got my 30 + Club memebers on this but three people so far complained about not able to join our dashboard. I see and I get the same issue for their access token. The users tried to Revoke access to app and tried again but same result for those three users. However most of the others users were able to login and their activities coming fine as well.

@Elliott11 I wrote to the email stated above in this thread but I still didn't got any response so I tried to bump this conversation up.

E
Community Manager
Forum|alt.badge.img+20
  • ElliottCommunity Manager
  • Community Manager
  • 132 replies
  • July 31, 2023

Hey @ashishsukhija ðŸ‘‹

Looks like your ticket was submitted over the weekend. You can expect to hear from our team shortly! 

A
1 person likes this
  • A
    ashishsukhija
T
Forum|alt.badge.img
  • thomaskenne
  • Hub Starter
  • 1 reply
  • June 25, 2024

@ashishsukhijaDid you ever get this resolved? We are seeing the exact same thing.

A
Forum|alt.badge.img
  • aBOgdzie
  • Hub Starter
  • 3 replies
  • March 28, 2025

How was it solved?

The same here, randomly but pretty often case:

https://www.strava.com/oauth/token

req=client_id=12344&client_secret=xxxxxxxxxxxx&redirect_uri=<url>&grant_type=authorization_code&code=f791b2yyyyyyyyyyyyy93e

returns

{
    "message": "Bad Request",
    "errors":
    [
        {
            "resource": "AuthorizationCode",
            "field": "code",
            "code": "invalid"
        }
    ]
}

It is strange, because it is freshly delivered by Strava, so it should be valid. It has nothing to do with refresh token probably. User requests new token through the code.

Sorry for crossposting, but it would be nice to fix it.

A
Forum|alt.badge.img
  • aBOgdzie
  • Hub Starter
  • 3 replies
  • March 29, 2025

I spent on this entire day almost. But I have a proof of concept why it doesn't work:

  • We receive the code
  • We use it in the request to https://www.strava.com/oauth/token
  • We receive invalid for the code and the lib throws exception Required option not passed: "access_token"

The reason of this that we process this request too fast, so it is not propagated in the Strava services (probably some independent services processing auth codes).

So if we repeat request https://www.strava.com/oauth/token once again with the same code after ~2 seconds, then it works, despite that we used this code once before, but it hasn't been registered yet in the Strava's OAuth service.

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept, you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings