Hello everyone. I'm having an issue with retrieving user data.
I decided to create an API that would fetch data from my friends and push a weekly leaderboard to our Telegram channel, showing who ran the most.
So, let me describe the process of creating the application.
1) I registered the application on Strava and obtained all the necessary data to work with their API.
2) I created an Express application and connected it to the Firebase database.
3) Through a Telegram bot, I asked my friend for permission to access their personal information. I used him to test the application architecture. I sent him the following link: https://www.strava.com/oauth/authorize?client_id=${clientID}&redirect_uri=${redirectURI}&response_type=code&scope=read_all. Please note that the scope field includes the read_all parameter.
4) My friend clicked the link and granted permission to share their information with me. At this stage, I stored all the necessary data, including their ID and token, in the database.
Now, let me explain in detail how I obtained the token.
After my friend clicked the link and granted permission to share their data, I receive the user information, including the authorization code. Then, I exchange this authorization code for a token by sending the authorization code in the request body to the following address: https://www.strava.com/oauth/token. In response, I receive the token and store it in the database along with all the necessary user information.
Now, here comes the problem that I haven't been able to solve.
Using Postman, I want to retrieve the entire list of activities for a specific user. In the documentation (https://developers.strava.com/docs/reference/#api-Activities-getLoggedInAthleteActivities), in the "List Athlete Activities" section (getLoggedInAthleteActivities), it is mentioned to send a request in the following format: HTTP GET "https://www.strava.com/api/v3/athlete/activities?before=&after=&page=&per_page=" "Authorization: Bearer [[token]]".
So, that's what I do. I take the user's token from the database and substitute it in the Bearer section. However, I receive the following response:
{"message":"Authorization Error","errors":[{"resource":"AccessToken","field":"activity:read_permission","code":"missing"}]}
This problem confuses me because the error code suggests that the request is correct, but the message indicates that I don't have sufficient permissions. It's puzzling to me because the link users click on includes the scope=read_all parameter.
Perhaps I'm missing something, and I would greatly appreciate any help in resolving this issue.