3

I have an ASP .NET Core MVC website that is for fitness etc. I'm trying to make it so people can connect their accounts on my site with their Strava accounts. I've read and re-read the Strava API documentation and I can't work it out.

I know that when you request access to Strava you wind up on a page like this: https://www.strava.com/oauth/authorize?client_id=25011&response_type=code&redirect_uri=http://localhost:61488&approval_prompt=force. Once the user clicks Authorize then it redirects to the URL supplied in redirect_uri. The "code" query string parameter that gets put into the address bar isn't a valid authorisation code and I can't actually use it for anything it would seem.

The ideal flow for my app would be:

  1. Someone signs up for an account on my site
  2. They click a link to auth Strava with their new account (so my web app has access to their strava data)
  3. My web app goes and gets all their historical activities and pulls it across
  4. My app displays this data

I'm falling down on the authentication step, and also the subsequent retrieval of data. Any help would be greatly appreciated :)

Lewis Cianci
  • 926
  • 1
  • 13
  • 38
  • I think you are missing one step. The code you are getting is not the authorization token (yet), is just a code which you will use to make a new request to Strava and then get your token. Be sure to check the documentation: https://developers.strava.com/docs/authentication/ – luizs81 Aug 29 '18 at 07:14

1 Answers1

0

I am not sure what you specifically mean with:

isn't a valid authorisation code and I can't actually use it

Error messages usually help you to troubleshoot.

Also, be sure that you are using the code or authorization_code parameter only once, according to the OAuth2 Authorization Response:

The client MUST NOT use the authorization code more than once.

Cheers!

Community
  • 1
  • 1
Antonio Saco
  • 1,620
  • 12
  • 21
  • I think this has probably got to do with me not understanding how to perform the exchange from Client ID and secret to the authorisation code. It'd be great if there was an example in C# of how to achieve this. Making things worse is that the strava code examples reference packages that don't exist/can't be nugetted :( – Lewis Cianci Apr 23 '18 at 23:26