My Authorization Code is invalid once it is used to get data


Nguyen Manh

Jan 13, 2020, 5:25:03 AM
to Strava API
Hi,
Help me
Recently the code refresh token returned as follows

object(stdClass)#2 (2) {
  ["message"]=>
  string(11) "Bad Request"
  ["errors"]=>
  array(1) {
    [0]=>
    object(stdClass)#4 (3) {
      ["resource"]=>
      string(17) "AuthorizationCode"
      ["field"]=>
      string(4) "code"
      ["code"]=>
      string(7) "invalid"
    }
  }
}
Thanks for all help!!!

Alexander Zobnin

Jan 13, 2020, 7:21:59 AM
to Strava API

I encountered exactly the same issue today. My application worked fine for a month or so and I didn't make any changes, so I believe it's an issue on the Strava side. I'm trying to renew the access token and the first request returns data. But then I get 401 Unauthorized (invalid access token).

Angelica Rosa

Jan 27, 2020, 5:51:44 AM
to Strava API
The same here:

{
   "client_id":"MY_CLIENT_ID",
   "client_secret":"MY_SECRET",
   "grant_type": "refresh_token",
   "refresh_token": "REFRESH_TOKEN"
}

Answer:
{
   "message": "Bad Request",
   "errors": [
       {
           "resource": "RefreshToken",
           "field": "code",
           "code": "invalid"
       }
   ]
}

Code is not a field that must be submitted in this request, so I'm confused.

Shashwat Kumar

Jan 28, 2020, 6:29:19 AM
to Angelica Rosa, Strava API
It means that the refresh token is incorrect. The error message is quite misleading.

--
You received this message because you are subscribed to the Google Groups "Strava API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/strava-api/d17a744a-b42c-4671-ad4e-5169ce56a6db%40googlegroups.com.


--
Regards
Shashwat Kumar

Angelica Rosa

Jan 28, 2020, 6:32:31 AM
to Strava API
The refresh token is correct, in my case.
Is it possible that the refresh_token expires?

On Monday, January 13, 2020 at 11:25:03 UTC+1, Nguyen Manh wrote:

Shashwat Kumar

Jan 28, 2020, 6:36:47 AM
to Angelica Rosa, Strava API
Yes it changes. You might need to get a new one.


Angelica Rosa

Jan 28, 2020, 6:41:06 AM
to Strava API
Sorry, but I'm missing the point here.
If the refresh_token expires and changes just like the short_term token, why should I use it?
If I have to ask the user again to authorize the app (in order to get a new set of tokens), I will just use the short token, since it is the same process. Don't you think?

Shashwat Kumar

Jan 28, 2020, 7:21:56 AM
to Angelica Rosa, Strava API
All tokens are changed keeping security in concern. Following is the explanation on the website:
The refresh token for this user, to be used to get the next access token for this user. Please expect that this value can change anytime you retrieve a new access token. Once a new refresh token code has been returned, the older code will no longer work.

Just keep using the new value of refresh_token and you won't need to re-authorize the user.



--
Regards
Shashwat Kumar

Angelica Rosa

Jan 28, 2020, 7:24:10 AM
to Strava API
Yes, I've read that part of the documentation, and this is why I wrote before that the refresh token was correct: it was the last one returned. And I still get the error.



Shashwat Kumar

Jan 28, 2020, 7:34:40 AM
to Angelica Rosa, Strava API
Then you need to pass params as X-URL-ENCODED instead of JSON.
 curl -X POST https://www.strava.com/api/v3/oauth/token \
    -d 'client_id=ID&client_secret=SECRET&grant_type=refresh_token&refresh_token=REFRESH_TOKEN'



--
Regards
Shashwat Kumar

Brad Head

Jan 28, 2020, 3:42:09 PM
to Angelica Rosa, Strava API

Your client app exchanges a refresh token for an access token when the access token has expired.

This allows clients to continue to have a valid access token without further interaction with the user.

If you use libraries for OAuth2 this is often managed for you, such as with .NET Core middleware. It's not recommended to code OAuth2 flows yourself but use toolkits.



Excuse the typos. Sent from my iPhone, 


Angelica Rosa

Jan 29, 2020, 4:54:07 AM
to Strava API
Thank you Brad, but if you take a look at the thread we are a bit ahead of the basic OAuth process concept.

The main issue is that there's a wrong error message, referring to a field ("code") that the endpoint doesn't require.
After this, I'm experiencing a strange behaviour with the refresh_token, that became invalid some time, forcing the user to interact with the application to start the token exchange process again.
I will try to analyze further when this happens and whether it is something casual or systematic.

In the end: I will code my OAuth2 flow while I wait for someone else to write a React Native toolkit in the meanwhile, but implementing a couple of REST endpoints should be within the capabilities of anyone who codes :)

Tristan Watson

Jan 30, 2020, 1:31:15 PM
to Strava API
I've hit this too, I have a datetime-picker. If the user goes back, then the token is now, as Angelica says, just 'invalid'.

It would be nice to know what has changed from a Strava API perspective, as this was working just fine prior.

Thanks!

Gabriele Barni

Jan 30, 2020, 3:00:34 PM
to Strava API
I'm experiencing exactly the same issue...I am relieved I am not alone :)

Hopefully, a fix will be issued soon

cam stronge

Feb 1, 2020, 9:34:53 AM
to Strava API

Exactly the same problem as well. It is my first time using the Strava API and I spent all morning figuring out how to change my access token to have scope for reading activities and then came across this exact error. ^^ Again, glad I'm not the only one and it's not purely down to my incompetence. If anyone does find a workout, it would be great to know.

Julien A

Feb 12, 2020, 5:05:00 AM
to Strava API

Did you find a solution?

Ilya Khokhlov

Feb 12, 2020, 6:00:47 AM
to Strava API
I have the same problem. Did you find a solution?

John Sieber

Feb 13, 2020, 2:23:54 PM
to Strava API
I'm also seeing this behavior as well.

Chaitra Bhagavan

Mar 30, 2021, 7:29:24 AM
to Strava API
I'm seeing this behaviour as well. Is there any solution for this???

Bryant Likes

Mar 30, 2021, 9:43:42 AM
to Chaitra Bhagavan, Strava API
The authorization code can only be used once and the purpose is to get the authorization token which can be used multiple times. The solution is to use the code to get the token. 


Geoffrey Dunn

Jan 19, 2023, 10:31:15 PM
to Strava API
This is an old thread but I stumbled across what looked to be the same problem and came to a different solution.

In creating my code I was trying to do the grant_type=authorization_code whenever the token expires. Seems pretty easy to get that early token exchange working and assume that a refresh is done exactly the same way. Took me re-reading the documentation a few times at https://developers.strava.com/docs/authentication/ before I realised there's a grant_type=refresh_token and my code needs to transition from one to the other. The differences are so small that I plan to put a giant comment in my code to make it clearer.

Sharing my mistake so you don't have to make it. Sometimes I do RTFM and am still lost!

Geoff
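
The flow this thread converges on, as an added example that is not part of any post or of Strava's own code: grant_type=authorization_code once, grant_type=refresh_token for every renewal, always storing the refresh token that came back last, with parameters sent form-encoded. `TokenManager`, `post_form` and `FakeTokenEndpoint` are hypothetical names; the fake endpoint is constructed so the flow runs offline and is assumed to rotate the refresh token on every grant; the `access_token`, `refresh_token` and `expires_at` response fields follow Strava's authentication documentation.

```python
import json, time, urllib.error, urllib.parse, urllib.request
TOKEN_URL = "https://www.strava.com/api/v3/oauth/token"  # endpoint quoted in the thread

def post_form(url, params):
    """POST params as application/x-www-form-urlencoded, not JSON."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(params).encode())
    try:
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        return json.load(err)  # assumed: the error response carries the JSON "errors" body

class TokenManager:
    """Hypothetical helper holding one athlete's current token set."""
    def __init__(self, client_id, client_secret, post=post_form):
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.post, self.tokens = post, None  # persist self.tokens in real use

    def _grant(self, **params):
        resp = self.post(TOKEN_URL, {**self.creds, **params})
        if "errors" in resp:
            raise RuntimeError(resp["errors"][0]["resource"] + " invalid")
        # Overwrite the stored refresh token every time: the older one stops working.
        self.tokens = {k: resp[k] for k in ("access_token", "refresh_token", "expires_at")}

    def exchange_code(self, code):  # once, right after the user authorizes; single-use
        self._grant(grant_type="authorization_code", code=code)

    def access_token(self, now=None, skew=60):
        now = time.time() if now is None else now
        if self.tokens["expires_at"] - skew <= now:  # renew with refresh_token, never the code
            self._grant(grant_type="refresh_token", refresh_token=self.tokens["refresh_token"])
        return self.tokens["access_token"]

class FakeTokenEndpoint:
    """Constructed offline stand-in that rotates the refresh token on every grant."""
    def __init__(self, code):
        self.code, self.refresh, self.n = code, None, 0

    def __call__(self, url, p):
        if p["grant_type"] == "authorization_code":
            ok, resource = self.code is not None and p.get("code") == self.code, "AuthorizationCode"
            self.code = None  # burn the code after its first use
        else:
            ok, resource = self.refresh is not None and p.get("refresh_token") == self.refresh, "RefreshToken"
        if not ok:
            return {"message": "Bad Request",
                    "errors": [{"resource": resource, "field": "code", "code": "invalid"}]}
        self.n += 1
        self.refresh = f"refresh-{self.n}"
        return {"access_token": f"access-{self.n}", "refresh_token": self.refresh, "expires_at": 22600}
```

Replaying the authorization code or an older refresh token against the fake endpoint reproduces the "invalid" responses quoted earlier in the thread.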
