@greenido
Created May 17, 2024 01:48
How to get a token for Strava API calls requiring OAuth

To get a token for Strava API calls requiring OAuth, you'll need to follow these steps:

1. Register Your Application:

  • Visit the Strava developer portal: https://developers.strava.com/
  • Create a developer account and register your application.
  • During registration, you'll receive a Client ID and Client Secret. These are essential for obtaining access tokens.

2. User Authorization:

  • Redirect the user to Strava's authorization endpoint using the following URL structure:
https://www.strava.com/oauth/authorize?client_id=[YOUR_CLIENT_ID]&response_type=code&redirect_uri=[YOUR_REDIRECT_URI]&approval_prompt=force&scope=[SCOPES]

Replace the placeholders with your values:

  • [YOUR_CLIENT_ID]: Your application's Client ID obtained during registration.
  • [YOUR_REDIRECT_URI]: The URL in your application where Strava will redirect the user after authorization. This URL needs to be registered in your Strava developer settings.
  • [SCOPES]: A comma-separated list of permissions your application needs. Refer to the Strava API documentation for available scopes (https://developers.strava.com/docs/reference/). Example: activity:read_all

3. Exchange Authorization Code for Access Token:

  • After successful user authorization, Strava will redirect the user back to your [REDIRECT_URI] with an authorization code in the URL parameters.
  • Use this authorization code to obtain an access token by making a POST request to the following endpoint:
https://www.strava.com/oauth/token

Request Body:

grant_type=authorization_code
client_id=[YOUR_CLIENT_ID]
client_secret=[YOUR_CLIENT_SECRET]
code=[AUTHORIZATION_CODE]
redirect_uri=[YOUR_REDIRECT_URI]
  • Replace the placeholders again with your values:
    • [YOUR_CLIENT_ID] and [YOUR_CLIENT_SECRET]: Your application credentials.
    • [AUTHORIZATION_CODE]: The authorization code received in the redirect URL after user authorization.
    • [YOUR_REDIRECT_URI]: The same redirect URI used in step 2.

4. Handle Response:

  • Strava's response will be a JSON object containing the access token, refresh token (optional), and access token expiration time.
  • Store the access token securely and use it for authorized Strava API calls.

5. Refresh Token (Optional):

  • Access tokens typically have limited expiry times.
  • The response might also include a refresh token. You can use this refresh token to obtain a new access token when the current one expires, avoiding the need for user re-authorization.
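
Steps 2 and 3 as an added Python example (not part of the original gist): it adds a per-login `state` value to the authorization URL and validates the redirect before the code is exchanged. The `state` parameter is not in the URL shown above; it is an optional parameter that Strava echoes back in the redirect. The function names are hypothetical, and the HTTPS POST itself is left to your HTTP client.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://www.strava.com/oauth/authorize"
TOKEN_URL = "https://www.strava.com/oauth/token"


def build_authorize_url(client_id, redirect_uri, scopes):
    """Step 2: return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "approval_prompt": "force",
        "scope": ",".join(scopes),
        "state": state,  # assumption: not in the gist's URL, echoed back by Strava
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state, required_scopes):
    """Step 3, first half: validate the redirect before trusting its code."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in params:  # e.g. the user declined on the consent screen
        raise ValueError(f"authorization failed: {params['error']}")
    # Constant-time compare; a mismatch means this redirect did not start with us.
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    granted = set(params.get("scope", "").split(","))
    missing = set(required_scopes) - granted
    if missing:  # the user may grant fewer scopes than were requested
        raise ValueError(f"scopes not granted: {sorted(missing)}")
    if not params.get("code"):
        raise ValueError("no authorization code in callback")
    return params["code"]


def token_request_body(client_id, client_secret, code, redirect_uri):
    """Step 3, second half: form fields to POST to TOKEN_URL over HTTPS."""
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,  # load from a secret store, not source code
        "code": code,
        "redirect_uri": redirect_uri,
    }
```

Discard the stored `state` after one use so a replayed redirect fails the comparison.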

Additional Resources:
