
Authorizing other users

Talisman
Mt. Kenya

Hi all,

Pretty new to all this and hit a roadblock: I don't understand how I authorize other users via OAuth and get their access and refresh tokens.

I've done that step for myself using 'https://developers.strava.com/docs/getting-started/', which had me go to settings/api and manually copy my client ID and client secret. How does this process work for other users? This is likely a lack of knowledge on my part on webhooks or environment variables or something, and if this is the case, please just throw out the right words and I'll google them.

So far where I'm at: my code is hosted on a server and I can fetch my own activities from Strava API. I understand that I'll need to redirect users to 'https://www.strava.com/oauth/authorize', but I don't know how to do that and pass along their client id and client secret if I don't (and shouldn't) have that info. 

Thanks,
Talisman

1 ACCEPTED SOLUTION

ActivityFix
Kilimanjaro

Try this page and see if it helps - https://developers.strava.com/docs/authentication/

In short, your client ID and secret are what identify your app. The authorize URL is the same for everyone using your app; it contains your client ID and the scopes you are requesting (steps 1 & 2 in the flowchart). The person authorizing your app will see the screen asking for permissions with an authorize button. Remember they are logged in to their Strava account and the authorize URL is hosted by Strava, so it knows who they are.

Once the user clicks the authorize button (step 3), Strava will send your server a code (to the redirect_uri you provided in the authorize URL) which you exchange for a token using your client secret (on the page you linked, this is steps 9-11). You will get back 2 tokens - an auth_token and a refresh_token. The auth token will allow you to perform API calls on behalf of that user until it expires. At that point you either need to have them authorize again, or use the refresh token to get a new auth token.


2 REPLIES


Thank you, I was able to make it one step further thanks to your help. For anyone in my shoes who might be struggling, this is how I was able to get the code from the Strava OAuth2 flow, using JavaScript.

// redirect the browser to Strava's authorize page
window.location.href = "https://www.strava.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOURWEBSITE/&response_t...";

Note: it's bad practice to directly input your client ID; I'm still trying to figure out the right way. Something to do with server environment variables.

Anyways, this redirects the user to the authenticator, hopefully they accept, then the authenticator service returns to your website and now the needed code is in the URL. To access this, you can use
// after Strava redirects back, read the one-time code from the query string
const qs = new URLSearchParams(window.location.search);
const authCode = qs.get('code');

And now you'll have all the information needed to do a fetch post request to Strava for the auth_token and refresh_token. Of course, I am stuck on some CORS issue, but that's a different issue. 

Thank you again for your help.