Auth token from token endpoint is rejected during gha workflow but not locally.

[LwrncLiu]

I'm attempting to return the data from the strava api that requires authentication prior to the api call. The full .yml file can be seen here, but I have what I believe to be relevant below.

After running the workflow, the token-endpoint returns an object with access_token as a key. This is confirmed when I run the action with debug on. However, the access_token value based to the endpoint returns the following error: Error: {"message":"Authorization Error","errors":[{"resource":"Athlete","field":"access_token","code":"invalid"}]}.

However, if I take the access_token value and call the same api call locally via Postman, data is returned without error.

I'm not sure if this behavior is a Strava issue, a github action "environment" issue, or a potential bug with this github action. Any guidance is appreciated :').

    - name: Fetch data
      uses: JamesIves/fetch-api-data-action@v2
      with:
        token-endpoint: https://www.strava.com/api/v3/oauth/token
        token-configuration: '{ "method":"POST", "headers": {"Accept": "application/json, text/plain, */*", "Content-Type": "application/json"}, "body": {"client_id": "99458", "client_secret": "${{ secrets.STRAVA_CLIENT_SECRET }}", "refresh_token": "${{ secrets.STRAVA_REFRESH_TOKEN }}", "grant_type": "refresh_token", "redirect_uri": "http://localhost"} }'
        endpoint: https://www.strava.com/api/v3/athlete/activities/
        configuration: '{ "method": "GET", "headers": {"Authorization": "Bearer {{{ data.access_token }}}"} }'

[JamesIves]

Can you try the following config? 🤔 I use this action for Strava, and this is what I have configured which works.

      - name: Fetch API Data 📦
        uses: JamesIves/fetch-api-data-action@releases/v1
        with:
          TOKEN_ENDPOINT: https://www.strava.com/api/v3/oauth/token
          TOKEN_CONFIGURATION: '{ "method": "POST", "body": {"client_id": "${{ secrets.client_id }}", "client_secret": "${{ secrets.client_secret }}"} }'
          ENDPOINT: https://www.strava.com/api/v3/athlete/activities
          CONFIGURATION: '{ "method": "GET", "headers": {"Authorization": "Bearer {{{ data.access_token }}}"} }'
          SAVE_NAME: strava

Based on this blog post

[LwrncLiu]

I actually stumbled across your blog first which introduced me to your GHA lol.

I do receive an access_token with my current TOKEN_CONFIGURATION params. This is confirmed when running the gha with debug=True. I tried your config of only passing a client_id and client_secret and received

{
     "resource": "AuthorizationCode",
     "field": "code",
     "code": "invalid"
 }

This may be a question for the Strava API community, but by any chance, do you remember if the Authorization Callback Domain in the strava app needs to be set to a specific github domain for the GHA to work? It's currently set to "localhost" for me.

[JamesIves]

Did you follow this guide to generate all of the tokens? It's been a while, but I remember needing to do a series of manual steps to generate the scoped key first, and then you can use them to hit the oauth/token endpoint.