Feature request: Custom URL schemes for Authorization Callback Domain

[Tim Viaene]

Hello,

I'm trying to use the Strava API in a native iOS app. Right now I have to show the login/authorize page inside a web view in my app to be able to catch the authorisation code from the callback URL.

I think it would be better if I could send the user to mobile Safari to log in and authorise the app, and then hop back to my app.

For that to work, I would need to be able to register my own callback URL, such as my-strava-app://. Right now you can only specify "http[s]://" URLs.

Benefits for users:

• They can see in the address bar that they are logging in to Strava, and not giving me their password
• If they are already logged in their browser, or have their password saved in the keychain/1Password/..., they don't have to re-type/remember their Strava password.

Are there any plans to make custom URL schemes possible for the callback url?

Thanks in advance,

--Tim

[Paul Mach]

Even though the website says it has to be http[s] it we don't verify the protocol so you can set it to 'my-strava-app' if you'd like.

Dr. Paul Mach

STRAVA

--
You received this message because you are subscribed to the Google Groups "Strava API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tim Viaene]

Paul, are you sure?

I get this message when trying to update the callback "domain":

Am I doing something wrong?

--Tim

Op vrijdag 14 maart 2014 18:11:05 UTC+1 schreef Paul:

[Paul Mach]

Just put authorization into the box.  Yes, the page is unclear, but it will work. 

Dr. Paul Mach

STRAVA

[Tim Viaene]

Yes, that actually works!

Thanks,

--Tim

Op maandag 17 maart 2014 18:20:19 UTC+1 schreef Paul:

[Ryan Rosello]

Thank you guys!!! I was struggling with this. 

[Jiacheng Xu]

Hi Paul

Do you know how should I get the authorization code? By the way. I used the http://strava.com for website and localhost for call back domain. Is that ok?

thank you very much

Best

JC

[Ron Jawanda]

How does this actually work in the Authorization callback domain it only allows a domain name without the scheme.

Thanks very much for any response.

I'm developing android app.

[Tim Viaene]

The scheme is not validated: you don't have to configure it when setting up your API application and you can use any scheme you want when specifying the redirect_uri in your /oauth/authorize request.

Hope this helps!

--Tim

--
You received this message because you are subscribed to a topic in the Google Groups "Strava API" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/strava-api/dDsxT0xYE8c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to strava-api+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/strava-api/ea6582df-3b68-4434-b694-5ac62cfd1498%40googlegroups.com.

[Nicholas Ravanelli]

I am having issues with the Authorization callback domain... I want to work on a development site for creating my application but I cannot change the authorization callback domain to something I want to use for testing purposes.

I have it set to a parent domain with a port on the Strava API dashboard (e.g. www.mywebsite.com:8080) 

and when I use the generated OAuth link;

https://www.strava.com/oauth/authorize?client_id=CLIENTID#&response_type=code&approval_prompt=force&scope=read,profile:read_all&redirect_uri=http://www.mywebsite.com:8080

I am met with this: 

{"message":"Bad Request","errors":[{"resource":"Application","field":"redirect_uri","code":"invalid"}]}

Is this still not an accepted method for obtaining authorization codes? I feel like this level of customization should be accepted... I can use http://localhost no problem, but that gives me a 404 page and I rather not have that post-production.

Thanks in advance.

On Thursday, May 9, 2019 at 6:00:43 AM UTC-4, Tim Viaene wrote:

The scheme is not validated: you don't have to configure it when setting up your API application and you can use any scheme you want when specifying the redirect_uri in your /oauth/authorize request.

Hope this helps!

--Tim

On Thu, May 9, 2019 at 7:04 AM Ron Jawanda <myaico...@gmail.com> wrote:

How does this actually work in the Authorization callback domain it only allows a domain name without the scheme.

Thanks very much for any response.

I'm developing android app.

On Friday, March 14, 2014 at 3:36:40 AM UTC-7, Tim Viaene wrote:

Hello,

I'm trying to use the Strava API in a native iOS app. Right now I have to show the login/authorize page inside a web view in my app to be able to catch the authorisation code from the callback URL.

I think it would be better if I could send the user to mobile Safari to log in and authorise the app, and then hop back to my app.

For that to work, I would need to be able to register my own callback URL, such as my-strava-app://. Right now you can only specify "http[s]://" URLs.

Benefits for users:

• They can see in the address bar that they are logging in to Strava, and not giving me their password
• If they are already logged in their browser, or have their password saved in the keychain/1Password/..., they don't have to re-type/remember their Strava password.

Are there any plans to make custom URL schemes possible for the callback url?

Thanks in advance,

--Tim

--
You received this message because you are subscribed to a topic in the Google Groups "Strava API" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/strava-api/dDsxT0xYE8c/unsubscribe.

To unsubscribe from this group and all its topics, send an email to strav...@googlegroups.com.

[Matt Richards]

Hi Nicholas,

We are having exactly the same issue. How did you solve this? 

Thanks in advance.

Matt