--
You received this message because you are subscribed to the Google Groups "Strava API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/strava-api/17b0f89d-4f20-41e1-a001-b504c6d459c7o%40googlegroups.com.
I host my app in Azure. It is a mix of client side and server side applications. https://komchallenges.com/As for that URL with the client id, there is no way around that. The client id isn't really a secret and is just an incremental number. You just need to make sure you keep your client secret safe and don't share that in client side code.
On Fri, Jul 10, 2020 at 1:11 PM Geoff Topley <geoff...@gmail.com> wrote:
Has anyone any interesting production live apps they would like to share?--I'm also interested in finding out how you handle the security of your app. I've built a pretty nice app locally using my strava data, but have no idea of how to secure it if I was to push it live to the world. Thinking of using Netlify or similar to host; but no idea of how to get around the initial token retrieval.Locally I call out to https://www.strava.com/oauth/authorize?client_id=xxxxx&response_type=code&redirect_uri=http://localhost:3000/callback/exchange_token&approval_prompt=force&scope=activity:read to get the auth token etc. No idea how to handle all this for a production build - since my client_id for one is part of the URL.Any advice?
You received this message because you are subscribed to the Google Groups "Strava API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to strav...@googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to strav...@googlegroups.com.
Hey Geoff!My project is frontend only, made in React with GatsbyJS and hosted on Heroku.It's on Github if you want to check the code: https://github.com/fredbegin11/bifurkateThe client_id is the id of your Strava App, not your personal account. You have to provide it.Here's basically how I do it in my app to authenticate a user:1) Redirect the user to https://www.strava.com/oauth/authorize?client_id=XYZ .....2) Once the user has given access to my application, it redirect to my /callback page, with a "code" query param3) On the /callback page, I do a POST request on https://www.strava.com/api/v3/oauth/token with the code received from step 2 to get an access token4) Store the result of the token query (expires_at, refresh_token and access_token) somewhere (localStorage in my case)5) Redirect to your app page6) You're now authenticated and you can pass the access_token in all your Strava API requestsHope that helps.Cheers!
To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/strava-api/2dcc6b20-49c7-435a-a01f-c2576e52417dn%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Strava API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/strava-api/cdf36e17-cd30-4be3-8f29-0f73738b8099o%40googlegroups.com.