Spaces:

burtenshaw
/

strava-mcp

Running

App Files Files Community

burtenshaw commited on Sep 15

Commit

2e832d9

1 Parent(s): 84c7caa

make auth steps more explicit

Browse files

Files changed (2) hide show

check_token_scopes.py +126 -0
strava_mcp/gradio_server.py +39 -6

check_token_scopes.py ADDED Viewed

	@@ -0,0 +1,126 @@

+#!/usr/bin/env python3
+"""
+Utility script to check what scopes are available with your current refresh token.
+This helps diagnose scope-related issues.
+"""
+import asyncio
+import os
+import sys
+from datetime import datetime
+import httpx
+async def check_token_scopes(client_id: str, client_secret: str, refresh_token: str):
+    """Check what scopes are available with the given refresh token."""
+    print("🔍 Checking refresh token scopes...")
+    try:
+        # Refresh the access token
+        async with httpx.AsyncClient() as client:
+            response = await client.post(
+                "https://www.strava.com/oauth/token",
+                json={
+                    "client_id": client_id,
+                    "client_secret": client_secret,
+                    "refresh_token": refresh_token,
+                    "grant_type": "refresh_token",
+                },
+            )
+            if response.status_code != 200:
+                print(
+                    f"❌ Failed to refresh token: {response.status_code} - {response.text}"
+                )
+                return False
+            token_data = response.json()
+            access_token = token_data["access_token"]
+            scope = token_data.get("scope", "unknown")
+            print(f"✅ Token refresh successful")
+            print(f"📋 Available scopes: {scope}")
+            # Check if we have the required scopes
+            required_scopes = ["read", "activity:read"]
+            missing_scopes = []
+            for req_scope in required_scopes:
+                if req_scope not in scope:
+                    missing_scopes.append(req_scope)
+            if missing_scopes:
+                print(f"❌ Missing required scopes: {', '.join(missing_scopes)}")
+                print("🔧 You need to get a new refresh token with the correct scopes")
+                return False
+            else:
+                print("✅ All required scopes are present")
+                # Test a simple API call
+                print("\n🧪 Testing API call to /athlete/activities...")
+                response = await client.get(
+                    "https://www.strava.com/api/v3/athlete/activities",
+                    headers={"Authorization": f"Bearer {access_token}"},
+                    params={"per_page": 1},
+                )
+                if response.status_code == 200:
+                    print("✅ API call successful! Your token works correctly.")
+                    activities = response.json()
+                    print(f"📊 Found {len(activities)} activities in test call")
+                    return True
+                else:
+                    print(
+                        f"❌ API call failed: {response.status_code} - {response.text}"
+                    )
+                    return False
+    except Exception as e:
+        print(f"❌ Error checking token: {e}")
+        return False
+def main():
+    """Main function."""
+    print("🔐 Strava Refresh Token Scope Checker\n")
+    # Get credentials from environment or command line
+    client_id = os.environ.get("STRAVA_CLIENT_ID")
+    client_secret = os.environ.get("STRAVA_CLIENT_SECRET")
+    refresh_token = os.environ.get("STRAVA_REFRESH_TOKEN")
+    if len(sys.argv) == 4:
+        client_id = sys.argv[1]
+        client_secret = sys.argv[2]
+        refresh_token = sys.argv[3]
+    elif not all([client_id, client_secret, refresh_token]):
+        print("Usage:")
+        print(
+            "  python check_token_scopes.py <client_id> <client_secret> <refresh_token>"
+        )
+        print(
+            "  Or set environment variables: STRAVA_CLIENT_ID, STRAVA_CLIENT_SECRET, STRAVA_REFRESH_TOKEN"
+        )
+        sys.exit(1)
+    # Run the check
+    success = asyncio.run(check_token_scopes(client_id, client_secret, refresh_token))
+    if not success:
+        print("\n🚨 SOLUTION:")
+        print("1. Go to your Hugging Face Space")
+        print("2. Click on the 'OAuth Helper' tab")
+        print(
+            "3. Follow the instructions to get a new refresh token with correct scopes"
+        )
+        print(
+            "4. Update your STRAVA_REFRESH_TOKEN environment variable or use the Authentication tab"
+        )
+    sys.exit(0 if success else 1)
+if __name__ == "__main__":
+    main()

strava_mcp/gradio_server.py CHANGED Viewed

@@ -85,12 +85,14 @@ def get_authorization_url() -> str:
     # For Hugging Face Spaces, we need to provide a redirect URI that points to a manual flow
     redirect_uri = "http://localhost:3008/exchange_token"  # This is just for display
-    auth_url = f"https://www.strava.com/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope=activity:read_all,read_all,profile:read_all&approval_prompt=force"
     instructions = f"""
 🔐 **Manual OAuth Setup Instructions:**
-1. **Click this link to authorize with Strava:**
    {auth_url}
 2. **After authorization, you'll be redirected to a page that might show an error (this is expected)**
@@ -106,7 +108,9 @@ def get_authorization_url() -> str:
      -d grant_type=authorization_code
    ```
-5. **Copy the 'refresh_token' from the response** and paste it in the "Refresh Token" field above.
 ⚠️ **Note:** You'll need your STRAVA_CLIENT_SECRET for step 4. Contact the app administrator if you don't have it.
 """
@@ -140,7 +144,18 @@ async def get_user_activities(
         return [activity.model_dump() for activity in activities]
     except Exception as e:
         logger.error(f"Error getting user activities: {str(e)}")
-        raise gr.Error(f"Failed to get activities: {str(e)}")
 async def get_activity_details(
@@ -165,7 +180,16 @@ async def get_activity_details(
         return activity.model_dump()
     except Exception as e:
         logger.error(f"Error getting activity details: {str(e)}")
-        raise gr.Error(f"Failed to get activity details: {str(e)}")
 async def get_activity_segments(activity_id: int) -> List[Dict]:
@@ -186,7 +210,16 @@ async def get_activity_segments(activity_id: int) -> List[Dict]:
         return [segment.model_dump() for segment in segments]
     except Exception as e:
         logger.error(f"Error getting activity segments: {str(e)}")
-        raise gr.Error(f"Failed to get activity segments: {str(e)}")
 def create_interface():

     # For Hugging Face Spaces, we need to provide a redirect URI that points to a manual flow
     redirect_uri = "http://localhost:3008/exchange_token"  # This is just for display
+    auth_url = f"https://www.strava.com/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope=read_all,activity:read,activity:read_all,profile:read_all&approval_prompt=force"
     instructions = f"""
 🔐 **Manual OAuth Setup Instructions:**
+**⚠️ IMPORTANT:** If you're getting "activity:read_permission missing" errors, it means your current refresh token was created without the correct scopes. You MUST follow these steps to get a new token.
+1. **Click this link to authorize with Strava (with correct scopes):**
    {auth_url}
 2. **After authorization, you'll be redirected to a page that might show an error (this is expected)**
      -d grant_type=authorization_code
    ```
+5. **Copy the 'refresh_token' from the response** and paste it in the "Authentication" tab above.
+🔍 **Required Scopes:** This URL includes the correct scopes: `read_all`, `activity:read`, `activity:read_all`, `profile:read_all`
 ⚠️ **Note:** You'll need your STRAVA_CLIENT_SECRET for step 4. Contact the app administrator if you don't have it.
 """
         return [activity.model_dump() for activity in activities]
     except Exception as e:
         logger.error(f"Error getting user activities: {str(e)}")
+        error_msg = str(e)
+        # Check for scope-related errors and provide helpful guidance
+        if "activity:read_permission" in error_msg and "missing" in error_msg:
+            raise gr.Error(
+                "❌ Authorization Error: Your refresh token doesn't have the required 'activity:read' permission. "
+                "This means your token was created without the correct scopes. "
+                "Please use the 'OAuth Helper' tab to get a new authorization URL with the correct scopes, "
+                "then follow the steps to get a new refresh token with the proper permissions."
+            )
+        else:
+            raise gr.Error(f"Failed to get activities: {error_msg}")
 async def get_activity_details(
         return activity.model_dump()
     except Exception as e:
         logger.error(f"Error getting activity details: {str(e)}")
+        error_msg = str(e)
+        # Check for scope-related errors and provide helpful guidance
+        if "activity:read_permission" in error_msg and "missing" in error_msg:
+            raise gr.Error(
+                "❌ Authorization Error: Your refresh token doesn't have the required 'activity:read' permission. "
+                "Please use the 'OAuth Helper' tab to get a new refresh token with the correct scopes."
+            )
+        else:
+            raise gr.Error(f"Failed to get activity details: {error_msg}")
 async def get_activity_segments(activity_id: int) -> List[Dict]:
         return [segment.model_dump() for segment in segments]
     except Exception as e:
         logger.error(f"Error getting activity segments: {str(e)}")
+        error_msg = str(e)
+        # Check for scope-related errors and provide helpful guidance
+        if "activity:read_permission" in error_msg and "missing" in error_msg:
+            raise gr.Error(
+                "❌ Authorization Error: Your refresh token doesn't have the required 'activity:read' permission. "
+                "Please use the 'OAuth Helper' tab to get a new refresh token with the correct scopes."
+            )
+        else:
+            raise gr.Error(f"Failed to get activity segments: {error_msg}")
 def create_interface():