Aura Auth
OAuth Providers

Strava Authorization Provider

Add Strava authorization provider to Aura Auth to authentication and authorize

Strava

Set up Strava authorization provider to the authentication instance to Aura Auth.

What you'll learn

Through this quick start guide you are going to learn and understand the basics and how to set up Strava provider to Aura Auth.

Strava OAuth App

Creating an OAuth app

The first step is create and register a Strava App to grant to have access to the user's accessible resources like Get Authenticated Athlete (Used by Aura Auth), Activities, Clubs, Routes, Segments etc. For more detailed information read Getting Started with the Strava API, Strava Authentication and Strava API v3.

Registering an Strava OAuth app includes:

  • Application Name: The name displayed when users authorize the app.
  • Category: The application category (Charity, Data Importer, Indoor, Mobile App, Performance Analysis, Prints, Social Motivation, Training, Visualizer, or Wellness).
  • Club: The club associated with the application (based on the creating account).
  • Website: The application's home URL.
  • Application Description: A description of the application.
  • Authorization Callback Domain: The domain where Strava redirects after authorization. It should end with /auth/callback/strava for both local and production environments.
    • Local: http://localhost:3000/auth/callback/strava
    • Production: Set to your application's production URL.

Strava Aura Auth

Installation

install the package using a package manager like npm, pnpm or yarn

npm install @aura-stack/auth

Environment setup

Now, it's time to create and consume the strava credentials required and used by Aura Auth, it include the client Id and client Secret and write them into a .env file.

Additionally set the secret used by Aura Auth to sign and encrypt the user's session.

.env
# strava Credentials
AURA_AUTH_STRAVA_CLIENT_ID="strava_client_id"
AURA_AUTH_STRAVA_CLIENT_SECRET="strava_client_secret"

# Aura Secret
AURA_AUTH_SECRET="32-bytes-secret"

The AURA_AUTH_SECRET will recommended to be random and high antropy key to avoid attackers decifer the secret used by the Aura Auth application.

Configure the provider

Set the oauth option of the createAuth instance and writing "strava" name.

@/auth
import { createAuth } from "@aura-stack/auth"

export const auth = createAuth({
  oauth: ["strava"],
})

export const { handlers } = auth

Get HTTP Handlers

Use the HTTP handlers to consume the authentication logic and flow the Aura Auth library to be integrated into routers and frameworks.

backend.ts
import { handlers } from "@/auth"

export const { GET, POST } = handlers

The returned handlers include pre-built routes used in OAuth flows (/signIn/:oauth, /callback/:oauth, /session, /signOut and /csrfToken). You can mount them in Express, Hono, Next.js, or any runtime that supports native Request and Response APIs.

Resources

Spotify Authorization Provider

Configure the Spotify OAuth 2.0 provider in Aura Auth for authentication and authorization.

X (Twitter) Authorization Provider

Configure the X OAuth 2.0 provider in Aura Auth for authentication and authorization.

On this page

StravaWhat you'll learnStrava OAuth AppCreating an OAuth appStrava Aura AuthInstallationEnvironment setupConfigure the providerGet HTTP HandlersResources