Permission problem - "code":"missing" when getting activity data, must require access to private activities?

[Sun Burn]

The problem is related to  the 'View data about your private activities' checkbox on the application authorization page.

I don't understand why, but I seem to need to require the users to have the 'View data about your private activities' checkbox to be checked. If they check it, I'm able to fetch their activities fine. If they uncheck it, when I hit the activities endpoint:

https://www.strava.com/api/v3/athlete/activities?access_token=MYTOKEN

I always get this error:

{"message":"Authorization Error","errors":[{"resource":"AccessToken","field":"activity:read_permission","code":"missing"}]}

Why is it expecting the code? I thought the code was only needed one time to exchange for a refresh token.

Again, when I require the user to check the "View data about your private activities" checkbox, I never seem to receive that error.

I'm 90% sure I don't need to require my users to click that box, but for the last 5 months I've been requiring just to work around this issue. Any help would be appreciated.

[Jan Szewczak]

Hey, 

your users can choose what kind of scope gives access to your app its normal behaviour of oauth2 base auth.

They may not check that checkbox "View data about your private activities" then your app will not see private activities.

If you receive this error you can show a message like: "Please allow receive your private activities. Click here to allow this" and go to auth page with new scopes selected.