Workaround: oAuth fails with empty `scope` parameter - Githubissues

iamstuartwilson / strava

PHP Class for the Strava API (v3)

MIT License

120 stars 26 forks source link

Workaround: oAuth fails with empty `scope` parameter #8

Closed mjaschen closed 9 years ago

mjaschen commented 9 years ago

Strava responds with 400 Bad Request when an empty scope parameter is sent in the first authorization request.

A request to the following URL will fail:

https://www.strava.com/oauth/authorize?client_id=XXXXX&redirect_uri=YYYYY&response_type=code&scope=&approval_prompt=auto&state=default

Error message:

{"message":"Bad Request","errors":[{"resource":"Authorize","field":"scope","code":"invalid"}]}

The authorization flow works as intended if the scope parameter is removed from the query string:

https://www.strava.com/oauth/authorize?client_id=XXXXX&redirect_uri=YYYYY&response_type=code&approval_prompt=auto&state=default

Interesting: the API didn’t show this behaviour some months ago.

I’ve made the according changes to the StravaApi class - the scope parameter is only sent with the oAuth request if it was explicitly set.

iamstuartwilson commented 9 years ago

Great work as always @mjaschen! Thanks, and happy riding :bike: