Authorization in Packs (Strava)

Hoping someone can help me here - Possibly the unstoppable @Eric_Koleda.

The Goal: is simply to continue learning more about creating Coda Packs and increase knowledge of Javascript. Im an avid athlete and hoping to make a Strava pack.

The Problem: Authentication - I just can’t wrap my head around authentication. Can someone help me out in terms of writing the correct code to allow authentication to Strava for a Coda pack?

Heres some resources that I’ve been looking through:

More specifically, Im confused about these few things:

  • In order to generate a client_id I need to first create an application with an authorization callback domain - for the life of me I can’t figure out what that means? (see screenshot below)
  • Apparently I also need a Client Secret? Hmmmmmm. . .
Screenshot

  • Their docs say I need to implement webhooks. What?
Screenshot

Thanks for any help you can give! My goal is to make a sync table to bring in all the activities by an athlete. I know that if I can just get past this whole authorization thing I can make it the rest of the way

2 Likes

Hi Scott,

The documentation for setting up OAuth 2.0 in packs is here.

The authorization callback domain should be https://coda.io/packsAuth/oauth2.

In the pack your authentication config should look like this:

pack.setUserAuthentication({
  type: coda.AuthenticationType.OAuth2,
  authorizationUrl: "https://www.strava.com/oauth/authorize",
  tokenUrl: "https://www.strava.com/oauth/token",
});

In the docs I shared you can see the step by step to add your client_id and client_secret (which Strava will provide after you create the App filling authorization callback).

Let me know how it goes :slight_smile:

3 Likes

Thank you!!

In my first screenshot there was also a required field simply called “website”. Is that important? Any idea what I put there?

I’ll test it out this afternoon and let you know if it works @Leandro_Zubrezki

@Scott_Collier-Weir - I love how you keep pushing yourself to learn new skills, keep at it! Figuring out how to map an API’s authorization documentation to a Pack is a bit of an art, but the more times you do it the easier it will get. @Leandro_Zubrezki has put you on the right track, let us know how it goes. As to the fields that you have to supply in the API console, each API does it a little differently and requires different things. Usually the “website” field isn’t technical, it just shows up on the approval screen.

1 Like

Great great! Thank you @Eric_Koleda and @Leandro_Zubrezki

If I run into any more obstacles, Ill reach back out here

Hmmmm @Eric_Koleda and @Leandro_Zubrezki ,

Already running into issues
image

Would this be a problem with my authentication?

Heres the beginning of my code:

import * as coda from "@codahq/packs-sdk";
export const pack = coda.newPack();
pack.addNetworkDomain("strava.com")
pack.setUserAuthentication({
  type: coda.AuthenticationType.OAuth2,
  authorizationUrl: "https://www.strava.com/oauth/authorize",
  tokenUrl: "https://www.strava.com/oauth/token",
  //Might have to add scopes scopes: ["String of Scopes"]
});

Its recognizing that I’m trying to create a sync table, but can’t connect an account

Screenshot

image

And I dunno if it makes a difference, but here is my pack.addSyncTable() code:

pack.addSyncTable({
  name: "Activities",
  schema: activitySchema,
  identityName: "Activities",
  formula: {
    name: "SyncActivities",
    description: "Sync all your Strava activities",
    parameters: [],
    execute: async function ([],context){
      let url = "https://www.strava.com/api/v3/athlete/activities?per_page=100";
      let response = await context.fetcher.fetch({
        method: "GET",
        url: url
      });
      let items = response.body
      return { 
        result: items,
      }
    }
  }
})

Just to double-check, have you entered your client ID and client secret into the Settings tab of the Pack Studio editor? I still regularly forget that step, so thought I’d ask.

No absolutely not haha. I had no idea that was a thing.

I went ahead and did that, retested my pack, and now when I click “Connect Account” it brings me to this page:

{“message”:“Bad Request”,“errors”:[{“resource”:“Application”,“field”:“redirect_uri”,“code”:“invalid”}]}

Maybe Im missing scopes? I remember playing on their swagger playground and getting similar issues. . . but not entirely sure.

The only other guess I have is maybe I need to include my access token somewhere? When I create my client_id in Strava it gives me all this info

This error indicates that the redirect URL you configured in their console doesn’t match the one that Coda is using. The value should be https://coda.io/packsAuth/oauth2, which is listed in the docs and the OAuth2 dialog itself.

Yeah - I tried typing in that as a Authorization Callback Domain but when I did, Strava wouldn’t let me input that and said that:
image

Ah, interesting. Does it work with just coda.io?

Sadly - no. It does not

Ok it is a little bit special how they want the configuration:

  1. In Authorization Callback Domain just add https://coda.io or coda.io
  2. You will need to configure the pack authorization to add an additional query param, redirect_uri: https://coda.io/packsAuth/oauth2in additionalParams.
  3. You need to define the scope you want, take a look at Strava Developers for the options, this is important because if not setup correctly your request won’t work.

We will make it work :slight_smile:

Like so Im guessing?

image

Also how did you figure this stuff out?

Hmmmmmm. … Still getting this error message when attempting to authenticate within my Coda doc.

{“message”:“Bad Request”,“errors”:[{“resource”:“Application”,“field”:“redirect_uri”,“code”:“invalid”}]}

Here is the current code:
image

Also tried the scopes as

scopes: ["activity:read_all"]

but to no avail

Just scope: "activity:read_all" in additionalParams.

@Eric_Koleda do you add client_id in the query params by default? If not @Scott_Collier-Weir you need to add that to additionalParams as well.

Hmmmm it still doesnt seem to like me. Any chance I can share the pack with you?

The only other thing I can think of is that my API application on stravas site isn’t set up right?

Maybe because the scopes there are off? Under access token and refresh token it has the scopes as read. . . But for the life of me I can’t figure out how to change them

I just did some testing myself and got Strava OAuth2 working. That error message definitely seems related to having an incorrect domain in the “Authorization Callback Domain” field.

import * as coda from "@codahq/packs-sdk";
export const pack = coda.newPack();

pack.setUserAuthentication({
  type: coda.AuthenticationType.OAuth2,
  authorizationUrl: "https://www.strava.com/oauth/authorize",
  tokenUrl: "https://www.strava.com/oauth/token",
  scopes: ["read"],

  getConnectionName: async function(context) {
    let response = await context.fetcher.fetch({
      method: "GET",
      url: "https://www.strava.com/api/v3/athlete",
    });
    let user = response.body;
    return user.username;
  },
});

pack.addNetworkDomain("strava.com");

I don’t fully see how your code is different from mine?

What domain did you use for the “Authorization callback domain”?

Also did you use the additional parameter that @Leandro_Zubrezki discussed prior?

No additional parameters, and just “coda.io”.