The Hub is now in read-only mode as we make improvements to the Hub experience. More information is available here.
02-26-2023 06:17 AM
Is there a way to remove a user from the app. I can delete all the user data from my side, but I can't remove their subscription from strava (from what I can see this isn't possible).
I am geting events for users that have been removed and I dont need to have those events.
Maybe I am missing something, I would appreciate any help/advice.
08-20-2024 12:06 AM - edited 08-20-2024 12:07 AM
Strava should stop sending events if a user deauthorized!
So the question is why strava is sending webhook events if a user deauthorized???
It is strava responsibility to make sure they stop sending events in such case.
There is something off on the Strava side I belive.
12-08-2023 05:34 AM
So I managed to find out who the user was using the ID and the url to find the actual athlete. As my app is mainly cycling friends it was easy for them to remove themselves.
However, I agree, we as the app owners should be able to remove users if needed. This isnt a security issue, as you still need to provide your key to access strava api to carry out this removal.
12-07-2023 10:58 PM
Deauthorization is totally possible (you just make a POST request to https://www.strava.com/oauth/deauthorize), but you obviously need a valid access token. Otherwise anybody could deauthorize your app for any given athlete.
Since you already deleted the athlete from your database, your only choice is to have the user log into your app again so that you can re-obtain the access token. Until then, just keep ignoring the webhook events.
02-27-2023 08:13 AM
I just got an email stating you can DeAuthorize an athlete. Link here
However, the challenge I have is that I have removed the Athlete data already, so I dont have the token. However whent he sub call happens I do get the AthleteID so I was hoping I could deauthorize using this? As my thought is that DeAuthorizing shouldnt be a security issue or any other issue from user/strava point of view?
02-27-2023 06:55 AM
You are not missing anything. At the moment it is not possible to remove/revoke access for an athlete. The only option you have is to ignore any events which come in for users that do not exist in your database.
02-27-2023 07:20 AM
Thank you for replying @ActivityFix.
Its a shame this isn't available. I have already written the code to ignore these incoming events, but its just unnecessary noise.
12-06-2023 11:58 AM
Agreed - I think it makes a lot of sense to be able to deauth users. It’s not hard to drop events but it doesn’t feel proper.
Welcome to the Community - here is your guide to help you get started!