Skip to main content
Solved

Deauthorizing with an expired access token


Forum|alt.badge.img+1

Hello,

This link explains how to deauthorize an application.

https://developers.strava.com/docs/authentication/#deauthorization

`access_token` is a required param. Does it need to be active? Or can it be expired?

I'm assuming it can be expired. For example, a user should be able to deauthorize an application many days after they initially authorised it.

Thanks!

Best answer by Jan_Mantau

Deauthorization from the user side doesn't need tokens and they usually don't know these anyway. The deauthorization from your link is the responsibility of your app and of course it needs a valid token, it's even explicitely explained there.

View original
Did this topic help you find an answer to your question?

Jan_Mantau
Superuser
Forum|alt.badge.img+26

Deauthorization from the user side doesn't need tokens and they usually don't know these anyway. The deauthorization from your link is the responsibility of your app and of course it needs a valid token, it's even explicitely explained there.


Forum|alt.badge.img+2
  • Hub Rookie
  • January 30, 2025
Jan_Mantau wrote:

course it needs a valid token, it's even explicitely explained there.

 

The issue is, if for some reason you no long have access to the access token (for example: it was deleted from your DB), and if the end user is non responsive (frequently happens), there is no way to remove that user from your application.

 

I’ve interacted with many other fitness APIs, and there is usually a way to deauthorize an athlete from your application without requiring their access token. Usually you just need to supply your application secret id.

 

update: i just found another thread that raises this exact issue:

https://communityhub.strava.com/developers-api-7/deauthorizing-athletes-without-access-token-3171


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept, you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings