stravalib icon indicating copy to clipboard operation
stravalib copied to clipboard

Published 20 hours ago verified publisher icon hozn

Refresh token problem in exchange_code_for_token

Open pcoster opened this issue 6 years ago • 5 comments

When I call exchange_code_for_token with reasonable arguments I get the following keyError:

File "/opt/python/run/venv/local/lib/python3.6/site-packages/stravalib/client.py", line 133, in exchange_code_for_token

File "/opt/python/run/venv/local/lib/python3.6/site-packages/stravalib/protocol.py", line 131, in exchange_code_for_token

access_info['refresh_token'] = response['refresh_token']
KeyError: 'refresh_token'

Sorry.. pretty bad formatting but I hope it's not too annoying. I guess this means that the library expects to get a refresh_token in the response from Strava but it isn't getting one? The Strava documentation says it should be sending one so I'm not sure what to make of it.

https://developers.strava.com/docs/authentication/

Any ideas on how to work around it? Any help would be well appreciated, thanks.

pcoster avatar Dec 11 '18 22:12 pcoster

Looks like (for the request that I made with curl to investigate) that strava does not include the necessary info (namely 'refresh_token') in the response.

pcoster avatar Dec 12 '18 20:12 pcoster

Hmm, this is surprising and annoying. Yeah, I don't know how we're supposed to use this oauth system if they're not providing the refresh token ...

hozn avatar Dec 12 '18 20:12 hozn

I think I've got it right. Did you try to verify that they are failing to respond as it says in the documentation? I'd hate to be getting it wrong for some other reason?

pcoster avatar Dec 12 '18 20:12 pcoster

Sorry for delay in following up. I just verified that I do get a refresh_token, using the example app I added to the repository: https://github.com/hozn/stravalib/tree/master/examples/strava-oauth

Maybe try that and if it works, check the way you're exchanging for token?

hozn avatar Dec 17 '18 03:12 hozn

I suspect that if you have an older app that predates the OAuth changes then you do not receive a refresh token using the sample code.

In my use of the sample I had to change this code

url = c.authorization_url(client_id=app.config['STRAVA_CLIENT_ID'],
                              redirect_uri=url_for('.logged_in', _external=True),
                              approval_prompt='auto')

to

url = c.authorization_url(client_id=app.config['STRAVA_CLIENT_ID'],
                              redirect_uri=url_for('.logged_in', _external=True),
                              approval_prompt='auto',
                              scope='activity:read_all')

My client app now correctly authenticates and I receive the refresh token.

What is the default scope if none is supplied to the authorization_url() call?

dazzag24 avatar Feb 12 '19 14:02 dazzag24