Skip to content

Commit fc87b89

Browse files
author
Kadi Kraman
committed
Add a config example for Strava
1 parent 1c63bee commit fc87b89

File tree

2 files changed

+38
-0
lines changed

2 files changed

+38
-0
lines changed

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ These providers implement the OAuth2 spec, but are not OpenID providers, which m
4141
- [Coinbase](https://developers.coinbase.com/docs/wallet/coinbase-connect/integrating) ([Example configuration](./docs/config-examples/coinbase.md))
4242
- [GitHub](https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/) ([Example configuration](./docs/config-examples/github.md))
4343
- [Slack](https://api.slack.com/authentication/oauth-v2) ([Example configuration](./docs/config-examples/slack.md))
44+
- [Strava](https://developers.strava.com/docs/authentication) ([Example configuration](./docs/config-examples/strava.md))
4445

4546
## Why you may want to use this library
4647

docs/config-examples/strava.md

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
# Strava
2+
3+
Strava is not 100% spec compliant, but it is still possible to get this to work with this library.
4+
5+
If you don't already have an app, create one [here](https://www.strava.com/settings/apps).
6+
7+
Now add a redirect uri [here](https://www.strava.com/settings/api). Unlike most providers that ask you to define the entire callback uri, here you need to add the "Authorization Callback Domain", e.g. `oauthredirect` (it can be anything really, in this case the redirect uri in used in the config will be `com.myapp://oauthredirect`).
8+
9+
Now go to the app page to find the client id and secret and use them in your config like so:
10+
11+
```js
12+
config = {
13+
clientId: '<client_id>',
14+
clientSecret: '<client_secret>',
15+
redirectUrl: 'myapp://oauthredirect',
16+
serviceConfiguration: {
17+
authorizationEndpoint: 'https://www.strava.com/oauth/mobile/authorize',
18+
tokenEndpoint:
19+
'https://www.strava.com/oauth/token?client_id=<client_id>&client_secret=<client_secret>',
20+
},
21+
scopes: ['activity:read_all'],
22+
};
23+
24+
const authState = await authorize(config);
25+
```
26+
27+
Note, they require the client secret and id being passed in the token endpoint. This is not in the spec and thus is not supported. But we can get around it by adding them to the tokenEndpoint as url params.
28+
29+
## Revocation
30+
31+
The built in token revocation also won't work for Strava, because they use the param `access_token` instead of `token`, but you can easily implement it yourself using `fetch`
32+
33+
```js
34+
const res = await fetch(`https://www.strava.com/oauth/deauthorize?access_token=${accessToken}`, {
35+
method: 'POST',
36+
});
37+
```

0 commit comments

Comments
 (0)