The Bolg

Back to coding blogs 🧏🏾‍♂️

note, i used some notion AI thing to rewrite my post. it sounds uncanny lmao but oh well its funny

[[oauth]] Implementation Steps

This guide focuses specifically on setting up Strava OAuth to access personal data, rather than explaining the full OAuth flow.

The first API call obtains an authorization code. We'll use this to get an access token (which expires every 6 hours) and a refresh token (used to regenerate the authorization token).

While this process can be automated, we'll use the browser method for simplicity, following the official documentation.

http://www.strava.com/oauth/authorize?client_id=[CLIENT_ID]&response_type=code&redirect_uri=http://localhost/exchange_token&approval_prompt=force&scope=activity:read_all

After allowing permissions, grab the authorization code from the redirected page's URL:

http://localhost/exchange_token?state=&code=[AUTHZ_CODE]&scope=read,read_all

Next, we'll get the access token for data retrieval and a refresh token. You'll need your client_id and client_secret from your profile page, plus the authorization code from above:

curl -X POST <https://www.strava.com/oauth/token> \\
	-F client_id=YOURCLIENTID \\
	-F client_secret=YOURCLIENTSECRET \\
	-F code=AUTHORIZATIONCODE \\
	-F grant_type=authorization_code

From the response, extract these values:

  • "refresh_token"
  • "access_token"

Finally, we can use the API to get our data. Here's a quick sample in Go. access_token above is same as BEARER_TOKEN below

client := &http.Client{}
req, err := http.NewRequest("GET", "https://www.strava.com/api/v3/athlete/activities?after=1735660800", nil)    
if err != nil {        
	return nil, fmt.Errorf("error creating request: %w", err)    
}
log.Info("bearer token: %s", os.Getenv("BEARER_TOKEN"))
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", os.Getenv("BEARER_TOKEN")))
resp, err := client.Do(req)    
if err != nil {        
	return nil, fmt.Errorf("error making request: %w", err)    
}
defer resp.Body.Close()
bodyBytes, err := io.ReadAll(resp.Body)    
if err != nil {        
return nil, fmt.Errorf("error reading response body: %w", err)    
}

If the token is expired or about to expire, regenerate the access_token:

curl -X POST https://www.strava.com/oauth/token \
-F client_id=<CLIENT_ID> \
-F client_secret=<CLIENT_SECRET> \
-F refresh_token=<REFRESH_TOKEN> \
-F grant_type=refresh_token

response is someth like 
{"token_type":"Bearer","access_token":"<ACCESS_TOKEN>","expires_at":1738348103,"expires_in":20258,"refresh_token":<REFRESH_TOKEN>}