Strava API Authorisation for Android App

[si...@projexe.com]

I have developed an Android App that uses Athlete data from Strava by making API calls.

However, the Authorisation process for an App seems very clunky.

At the moment my App performs an asynchronous call to https://www.strava.com/oauth/authorize and opens up a browser to display the authorisation code. The App user is then prompted to cut and paste this code from the browser into the App, which then persists the code and can use it for future API calls. If the user isn't already logged into their Strava account, then the browser will require them to do this. Otherwise an authorisation code is returned straight away.

Of course the user only needs to perform this cut/paste step once, but it just seems so prehistoric.

Is this the recommended / only way of API authorisation for an App?

Am I missing something obvious which can allow an App to obtain an Auth Code directly without having to cut and paste it?  I realise that it will require the user to be logged in to Strava on the android device or else a username/password would need to be sent (which I accept has security implications). However if the user is not logged in already then better the app asks them to log in than requires this clunky cut/paste step?

How do other Apps connecct to Strava?




[si...@projexe.com]

Seriously!!?   There's no way other than this!!!!???   Wow that's poor.

[Ifor Powell]

You need to implement the flow in your app using a WebView. You can then have code to extract the tokens automatically.  Search for 'oAuth2 Android WebView' and you will find a number of tutorials you can base stuff off.

On Wednesday, 24 August 2016 16:23:01 UTC+1, si...@projexe.com wrote:

[Sam Sandberg]

Hi Simon, Ifor, and others,

I've implemented a Strava Authenticator for Android shell just for this purpose:

https://github.com/loisaidasam/strava-authenticator-android

I'm new to the whole process of publishing to Maven/jcenter/gradle/etc. so it has taken me a bit of time to actually publish it, but it's out now.

It should be a nice building block for constructing Strava-based Android apps. Skip the whole authentication/OAuth headache - you simply subclass StravaAuthenticateActivity and fill in your client id/client secret/activity intent, and you'll be rolling!

I hope to submit it to the Strava dev challenge. Hopefully it'll inspire others to do the same.

Let me know if you have any questions/feedback. This version should be stable, but there are a few things I'd still like to implement: verifying received token, handling custom layouts.

Happy Friday y'all!

-Sam

--
You received this message because you are subscribed to the Google Groups "Strava API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Sam Sandberg


"Where is fancy bred? In the heart or in the head?"
   -Willy Wonka

[si...@projexe.com]

Can I just post a belated grateful thank you Ifor and Sam for your replies. I actually was following Ifor's advice before I saw your post, Sam. I implemented a Webview which works well and is much more usable.

It wasn't until after I had completed it that I saw your post, Sam, and since I'd already written the Strava authentication steps, it was just a matter of avoiding the Authorisation Callback Domain from opening its own browser and the Webview did that nicely.

I should have posted this weeks ago but it got overlooked - but your assistance and advice is very much appreciated and I wish you well, Sam, with the Strava Dev Challenge.

SimonH

To unsubscribe from this group and stop receiving emails from it, send an email to strava-api+...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.