- Ensure the authorization callback domain used in redirect_uri is registered in the Strava API app settings, in the Authorization Callback Domain field. Note that `localhost` and `127.0.0.1` are whitelisted by default.
- Go to this page in a browser: https://www.strava.com/oauth/authorize?client_id=CLIENT_ID_HERE&grant_type=authorization_code&scope=read,read_all,activity%3Aread,activity%3Aread_all&approval_prompt=force&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth-callback&response_type=code
- Approve the permissions on the OAuth page.
- When redirected, get the `code` param.
- Using that `code` value, send an API call to: https://www.strava.com/oauth/token?client_id=ID_HERE&client_secret=SECRET_HERE&code=3a6b1dbf83fe2e84e8c7e698293599765767b9ac&grant_type=authorization_code
- Use the new `access_token` returned in the JSON as a Bearer auth header in subsequent resource calls (for example, `/api/v3/athlete/activities`).
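An added example (not part of the original notes or the template repos) of the same flow with the checks a callback handler should make: a `state` value tied to the session, the `scope` actually granted on the redirect, and the token exchange sent as a POST body so `client_secret` stays out of URLs and logs. The function names and the `state` handling are assumptions made for illustration.

```javascript
// Added example: callback checks and token exchange for the Strava OAuth flow.
// Function names and sample values are illustrative, not from the original notes.
const AUTHORIZE_URL = "https://www.strava.com/oauth/authorize";
const TOKEN_URL = "https://www.strava.com/oauth/token";

// `state` is assumed to be a per-session random value (generated with a CSPRNG
// and stored server-side) so the callback can be tied to the request that began it.
function buildAuthorizeUrl({ clientId, redirectUri, scopes, state }) {
  const query = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "code",
    approval_prompt: "force",
    scope: scopes.join(","),
    state,
  });
  return `${AUTHORIZE_URL}?${query}`;
}

// Validate the redirect before using `code`: the user may have denied access,
// the state may not match this session, or a requested scope may be unticked.
function parseCallback(callbackUrl, expectedState, requiredScopes) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) return { ok: false, reason: `denied: ${params.get("error")}` };
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  const code = params.get("code");
  if (!code) return { ok: false, reason: "missing code" };
  const granted = new Set((params.get("scope") || "").split(","));
  const missing = requiredScopes.filter((s) => !granted.has(s));
  if (missing.length) return { ok: false, reason: `missing scope: ${missing.join(",")}` };
  return { ok: true, code };
}

// Exchange the code with a POST body, keeping client_secret out of the URL
// (and so out of proxy logs, access logs and browser history).
function buildTokenRequest({ clientId, clientSecret, code }) {
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    code,
    grant_type: "authorization_code",
  });
  return {
    url: TOKEN_URL,
    init: { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: body.toString() },
  };
}
```

Pass the result of `buildTokenRequest` to `fetch(req.url, req.init)`; the JSON response carries the token that goes in the `Authorization: Bearer` header.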
Get all activity data for syncing to the DB. The access token can be used until the refresh token is required.
https://developers.strava.com/docs/reference/#api-Activities-getLoggedInAthleteActivities
Using this repo as template.
May use this one too for OAuth / next.js / express
Boilerplate custom server express from Vercel