Unable to exchange auth token

[ikbenben]

Hi everyone,

I'm hoping someone can help us as recently our Strava integration has stopped working.

We are fetching an auth token using the "https://www.strava.com/oauth/authorize" url within a mobile app and then sending that auth token to our backend. The backend then calls "POST https://www.strava.com/oauth/token" to exchange it for a access, refresh, etc tokens. This used to work but recently we started to get the following response:

{

"message": "Bad Request",

"errors": [

{

"resource": "AuthorizationCode",

"field": "code",

"code": "invalid"

}

]

}

Does anyone have any ideas what might be going on? It seems to be not to be liking the authentication code we are passing if I'm interpreting this correctly but I don't see how

I've tried to exchange the tokens in Postman and I'm getting this same error. I've attached a screenshot from postman for reference. What is not show is that we are including the Authorization request header in the headers tab

Thanks in advance

[Brian Petry]

Hi ikbenben,

I think you need to ask the user to re-authorize your app and get a new authorization code.  I think the authorization code given when the user authorizes your app can only be used once to obtain a temporary access token (temporary because it expires and you need to get a new one with the "refresh token" and not the original authorization code).  Your app maybe is using the code more than once somehow.  I had the same problem with my initial API app usage.