Skip to main content

I am setting up oAuth flow in postman and all works ok until it calls the token URL at which point it fails with a 404 as per the below. If anyone has some ideas on this help would be much appreciated:

 

POST https://www.strava.com/api/v3/token
 137 ms
  • Network
    ▶Request Headers
    Content-Typeapplication/x-www-form-urlencoded
    AuthorizationBasic MTEyOTM1OmIyOTUxMjZiYmIwYTBkZThkNzVjNDdkYWMwZDc3NDJkYTI1ZWIzZDY=
    User-AgentPostmanRuntime/7.32.3
    Accept*/*
    Cache-Controlno-cache
    Postman-Token5338b39b-26c7-4e29-8522-37083712d01d
    Hostwww.strava.com
    Accept-Encodinggzip, deflate, br
    Connectionkeep-alive
    Content-Length133
    Cookie_strava4_session=oi9vk4mpurrq5ere7c9msr25p75menc6
    • Request Body
      1.  grant_type: "authorization_code"
      2.  code: "e2632985384fd78ff6d482d42fedb3cfcb20cf7d"
      3.  redirect_uri: "https://oauth.pstmn.io/v1/callback"
        ▶Response Headers
        Content-Typeapplication/json; charset=utf-8
        Transfer-Encodingchunked
        Connectionkeep-alive
        DateWed, 30 Aug 2023 10:06:54 GMT
        Via1.1 linkerd, 1.1 linkerd, 1.1 b66a7470c341bb8edfe0c35c17d6e508.cloudfront.net (CloudFront)
        VaryAccept, Origin
        Pragmano-cache
        Servernginx/1.21.3
        Status404 Not Found
        ExpiresSat, 01 Jan 2000 00:00:00 GMT
        X-Request-Id2d3b4acd-92e4-4ae0-b73b-998df6d7566e
        Cache-Controlno-store
        Referrer-Policystrict-origin-when-cross-origin
        X-Frame-OptionsDENY
        Content-Encodinggzip
        X-XSS-Protection1; mode=block
        X-Download-Optionsnoopen
        X-Content-Type-Optionsnosniff
        X-Permitted-Cross-Domain-Policiesnone
        X-CacheError from cloudfront
        X-Amz-Cf-PopLHR61-P6
        X-Amz-Cf-IdyxmqCjPngWgMsfn1LESnVmE6P06ov6HJP6ezzQb47QpanmmRxZVjjQ==
        ▶Response Body
        {"message":"Record Not Found","errors":d{"resource":"resource","field":"path","code":"invalid"}]}
      4.  
      5.  

URL verified and problem still exists. Any help appreciated


The correct URL for getting the tokens is https://www.strava.com/api/v3/oauth/token


Thanks Jan_Mantau - I changed to your suggested URL and here is the result. Error code has changes from a 403 to a 400 - but still not working. I have verfied that the client-id and secret are correct and this works in the playground but not in postman using the oAuth flow

 

 


Your client_id and client_secret are missing from the request body.


Correcting this reply - I see that your are correct - investigating - thanks for the pointer

 

The client_id and client_secret are passed to the authorize call which returns successfully with the code that you see in the request body. The token call does not take the client_id and client_secret but rather the code that is generated from the authorize call which is returned after the user has successfully entered a userid and password based on the oAuth challenge. 

 

 

 


This solved the problem - please note in postman you need to do additional advanced configuration in hte oAuth config to pass the client_id and client_scret to the token call. You can see a screen shot of that configuration below. This is interesting as this data is already passed to the authorize api call and I am not sure why the token call needs this data again. However once you configure these the oAuth calls will work correctly

Thanks Jan_Mantau for helping me through this investigation


Reply