oauth.getToken() wrongly requires access_token

Question

oauth.getToken() wrongly requires access_token

markstos opened this issue 7 years ago · 4 comments

The oauth/token endpoint does not require that an access token be sent to Strava.

However, this library implements it using oauth.getToken() and the shared util.postEndpoint() function, which does require an access token because another consumer of postEndpoint does require an access_token.

For privacy and security, calls to oauth.getToken() should not require an access_token.

Answer 1 · 2017-05-09T14:38:03.000Z

I may address this today as part of another refactor I'm working on.

Answer 2 · 2019-05-11T21:04:59.000Z

I'm still having this issue, is there a workaround?

Answer 3 · 2019-05-13T14:11:00.000Z

@mattgreenfield Yes. You can use my ra-fixes branch, which addresses this and a number of other items: https://github.com/rideamigoscorp/node-strava-v3/tree/ra-fixes Or you could look more narrowly at the patches linked here and patch your own copy.

Finally, you could use Strava's officially supported approach which is to use generated code to generate a JavaScript client library based off their Swagger definition: https://developers.strava.com/docs/#client-code.

The project maintainers of this repo haven't updated it in a couple of years, so I would expect new activity here soon.

Answer 4 · 2019-09-24T13:52:44.000Z

This fix will appear in the next release.