TokenService (Strava API 0.3.1-SNAPSHOT API)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

All Known Implementing Classes:

TokenServiceImpl
```
public interface TokenService
```
Authentication

Strava uses OAuth2 as an authentication protocol. It allows external applications to request authorisation to a user's private data without requiring their Strava username and password. It allows users to grant and revoke API access on a per-application basis and keeps users' authentication details safe.

All developers need to register their application before getting started. A registered application will be assigned a Client ID and Client SECRET. The SECRET should never be shared.

Web Application Flow

The process begins by redirecting a browser to a Strava URL with a set of query parameters that indicate the type of Strava API access the application requires. Strava handles the user authentication and consent.

If the user authorises the application, Strava will return an authorisation code to the web server application. The application must still complete the process by exchanging the code for an access token.

This is done by presenting a client_id and client_secret (obtained during application registration), along with the authorisation code, to Strava. Upon success, an access token will be returned that can be used to access the API on behalf of the user.

Users can revoke access on their settings page.

Author:

Dan Shannon

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`TokenResponse`	`deauthorise(Token accessToken)` Allows an application to revoke its access to an athlete's data.

- Method Detail
  - deauthorise
```
TokenResponse deauthorise(Token accessToken)
                   throws UnauthorizedException
```
    Allows an application to revoke its access to an athlete's data.
    
    This will invalidate all access tokens associated with the athlete, application pair used to create the token. The application will be removed from the StravaAthlete Settings page on Strava.
    
    All requests made using invalidated tokens will receive a 401 Unauthorised response.
    
    URL POST https://www.strava.com/oauth/deauthorize
    
    Parameters:
    
    accessToken - The access token for which the application is revoking its access.
    
    Returns:
    
    Responds with the access token submitted with the request.
    
    Throws:
    
    UnauthorizedException - if the token is not allowed to be deauthorised
    
    See Also:
    
    http://strava.github.io/api/v3/oauth/#deauthorize

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2015 Dan Shannon. All rights reserved.