1
votes

Maybe someone could help me. I'm trying to get the refresh token issued after the first authorization of an Athlete with my application. OAuth 2.0 works fine in Postman and I can get the refresh token this way, but not in my personal PHP script ... I only get this kind of JSON response:

{
  "token_type": "Bearer",
  "access_token": "ACCESS_TOKEN",
  "athlete": {
    #{summary athlete representation}
  }
}

But I'm waiting for a refresh token and an expiration date, as the Strava API documentation demonstrates in this example:

{
  "token_type": "Bearer",
  "access_token": "987654321234567898765432123456789",
  "athlete": {
    #{summary athlete representation}
  },
  "refresh_token": "1234567898765432112345678987654321",
  "expires_at": 1531378346,
  "state": "STRAVA"
}

I've tried many times to revoke access to the application from the test account, to simulate a new auth request, but I can't find the answer. Here is my code to call the token exchange URL:

<?php 
require 'config.php';
$code = $_GET['code'];


//The url you wish to send the POST request to
$url = "https://www.strava.com/oauth/token";

//The data you want to send via POST
$fields = [
    'client_id'      => $client_ID,
    'client_secret' => $client_secret,
    'code'         => $code,
    'grant_type' => 'authorization_code'
];

//url-ify the data for the POST
$fields_string = http_build_query($fields);

//open connection
$ch = curl_init();

//set the url, switch the request to POST, attach the POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);

//So that curl_exec returns the contents of the cURL; rather than echoing it
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); 

//execute post
$result = curl_exec($ch);
echo $result;
print_r(curl_error($ch));
?>

PS: OAuth 2.0 works fine in Postman and I can get the refresh token this way, but not in my personal PHP script ...

Thx for helping.

1
Which scope parameters do you use when calling https://www.strava.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code&scope=YOUR_SCOPE ? - tezzo

Hi, thanks for the reply. I've found the solution, but you're right, it was a scope parameter: I was providing a wrong scope, and with scope=read_all&scope=activity:read_all, it works perfectly. - Maxime

If you use an old scope (e.g. view_private) you receive an access token with no expires_at information (forever token) that will work until 15th October 2019 (developers.strava.com/docs/oauth-updates/…) - tezzo

Forever token ... expires on 15th October 2019. I think I won't use it, and will take the refresh token system into consideration in the development of the app. Thanks a lot - Maxime

Strava calls them forever tokens in the migration instructions! ;) - tezzo

1 Answer

2
votes

Finally found the solution, it was a scope parameter, I was providing a wrong scope, and with scope=read_all&scope=activity:read_all, it works perfectly.
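
The following is an added example, not code from the question or the answer: it builds the authorization URL with the scopes named above and checks whether a token response is a refreshable token or the "forever token" described in the comments. The function names, the callback URL and the sample bodies are hypothetical, and sending the scopes as one comma-separated value is an assumption about the format the API expects.

```php
<?php
// Added example; function names and sample data are hypothetical.

// Build the authorization URL with the new-style scopes named in the answer.
function build_authorize_url(string $clientId, string $redirectUri, array $scopes, string $state): string
{
    return 'https://www.strava.com/oauth/authorize?' . http_build_query([
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => implode(',', $scopes), // assumption: comma-separated list
        'state'         => $state,                // random value to match on the callback
    ]);
}

// Classify a token-exchange response body instead of echoing it to the page.
function classify_token_response(string $json, int $now): string
{
    $data = json_decode($json, true);
    if (!is_array($data) || empty($data['access_token'])) {
        return 'invalid';
    }
    // No refresh_token / expires_at: the response shape shown first in the question,
    // which the comments attribute to requesting an old scope.
    if (empty($data['refresh_token']) || !isset($data['expires_at'])) {
        return 'legacy_forever_token';
    }
    return ((int) $data['expires_at'] <= $now) ? 'expired' : 'short_lived';
}

// Constructed sample bodies mirroring the two responses in the question.
$legacy = '{"token_type":"Bearer","access_token":"ACCESS_TOKEN","athlete":{}}';
$modern = '{"token_type":"Bearer","access_token":"SAMPLE_ACCESS","athlete":{},'
        . '"refresh_token":"SAMPLE_REFRESH","expires_at":1531378346}';

$state = bin2hex(random_bytes(16)); // keep in the session, compare with $_GET['state'] later
echo build_authorize_url('YOUR_CLIENT_ID', 'https://example.test/callback',
    ['read_all', 'activity:read_all'], $state), "\n";
echo classify_token_response($legacy, 1531370000), "\n";
echo classify_token_response($modern, 1531370000), "\n";
```

Failing the login flow when the result is not `short_lived` surfaces a wrong scope immediately, rather than after a token without an expiry has been stored.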