strava | Create artistic visualisations with your exercise data | Data Visualization library

I am searching for a possibility to make my Wear OS 3 app have a simple splash screen. I cannot find anything specific, but I read that Android 12 introduced an automatic splash screen for every app. Don't know if that applies to Wear OS 3 though.

I can see multiple Apps (e.g. Spotify and Strava) on my Galaxy Watch 4 starting with a similar splash screen: On click on the app icon in the "app drawer", the icon moves from the app drawer position to the center for 1-2 seconds while a black background appears. After that the app is shown. My guess would be those splash screens are generated by Android. But my app only shows a black screen until the app first draws. I artificially delayed the startup of my app via Thread.sleep in my OnCreate. (If that is a problem, please tell me how to artificially create a delay to test the splash screen)

If not clear already: I would like to have the same kind of splash screen as the others for my app.

Help is much appreciated! Thank you in advance for any suggestions

I am developing an Sports Mobile App with flutter (mobile client) that tracks it's users activity data. After tracking an activity (swimming, running, walking ...) it calls a REST API developed by me (with springboot) passing that activity data with a POST. Then, my user will be able to view the logs of his tracked activities calling the REST API with a GET.

As I know that my own tracking development isn't as good as Strava, Garmin, Huawei and so on ones, I want to let my app users to connect with their Strava, Garmin and so on accounts to get their activities data, so I need users to authorize my app to get that data using OAuth.

In a first approach, I have managed to develop all the flow of OAuth with flutter using the Authorization Code Grant. The authorization server login is launched by flutter in a user agent (chrome tab), and once the resource owner has done the login and authorize my flutter app, my flutter app takes the authorization code and the calls to the authorization server to get the tokens . So I can say, that my client is my flutter App. When the oauth flow is done, I send the tokens to my Rest API in order to store them in a database.

My first idea was to send those tokens to my backend app in order to store them in a database and develop a process that takes those tokens, consult resource servers, parses each resource server json response actifvities to my rest API activity model ones and store in my database. Then, if a resource owner consults its activities calling my Rest API, he would get a response with all the activities (the mobiles app tracked ones + Strava, Garmin, resource servers etc ones stores in my db).

I have discarded the option to do the call to the resource servers directly from my client and to my rest api when a user pushes a syncronize button and mapping those responses directly in my client because I need the data of those resource servers responses in the backend in order to implement a medal functionality. Further more, Strava, Garmin, etc have limits of usage and I don't want to let my resource owners the hability to push the button the times they want.

Here is the flow of my first idea:

Steps:

1. Client calls the authorization server launching a user agent to an oauth login. In order to make the resource owner login and authorize. The url and the params are hardcoded are hardcoded in my client.

2. Resource owner logins and authorize client.

3. Callback is sent with code.

4. Client captures code of the callback and makes a post to he authorization server to get the tokens. As some authorization servers accept PKCE, I am using PKCE when its possible, to avoid attacks and hardcoding my client secret in my client. Others like Strava's, don't allow PKCE, so I have to hardcode the client secret in my client in order to get the tokens.

5. Once the tokens are returned to my client, I send them to my rest api and store in a database identifying the tokens resource owner.

To call the resource server:

1. One periodic process takes the tokens of each resource owner and updates my database with the activities returned from each resource server.

2. The resource owner calls the rest api and obtains all the activities.

The problem to this first idea is that some of the authorization servers allow implementing PKCE (Fitbit) and others use the client secret to create the tokens (Strava). As I need the client secret to get the tokens for some of those authorization servers, I have hardcoded the secrets in the client and that is not secure.

I know that it is dangerous to insert the client secrets into the client as a hacker can decompile my client and get the client secret. I can't figure how to get the resource owner tokens of Strava without hardcoding the client secret if PKCE is not allowed in the authorization server.

As I don't want to hardcode my client secrets in my client because it is insafe and I want to store the tokens in my db, I dont see my first approach as a good option. Further more, I am creating a POST request to my REST API in order to store the access token and refresh token in my database and if i am not wrong, that process can be done directly from the backend.

I am in the situation that I have developed a public client (mobile app) that has hardcoded the client secrets because I can't figure how to avoid doing that when PKCE isn't allowed by the authorization server to get the tokens.

So after thinking on all those problems, my second idea is to take advantage of my REST API and do the call to the authorization server from there. So my client would be confidential and I would do the OAuth flow with a Server-side Application.

My idea is based on this image.

In order to avoid the client secret hardcoding in my mobile client, could the following code flow based on the image work and be safe to connect to Strava, Garmin, Polar....?

Strava connection example:

MOBILE CLIENT

• Mobile public Client Calls my Rest API to get as a result the URI of Strava Authorization server login with needed params such as: callback, redirect_uri, client_it, etc.

• Mobile client Catches the Rest API GET response URI.

• Mobile client launches a user agent (Chrome custom tab) and listen to the callback.

USER AGENT

• The login prompt to strava is shown to the resource owner.

• The resource owner inserts credentials and pushes authorize.

• Callback is launched

MOBILE CLIENT

• When my client detects the callback, return to client and stract the code from the callback uri.

• Send that code to my REST API with a post. (https://myrestapi with the code in the body)

REST API CLIENT

• Now, the client is my REST API, as it is going to be the one that calls the authorization server with the code obtained by the mobile client. The client will take that code and with the client secret hardcoded in it will call to the Authorization server. With this approach, the client secret is no more in the mobile client, so it is confidential.

• The authorization server returns the tokens and I store them in a database.

THE PROCESS

• Takes those tokens from my database and make calls to the resource servers of strava to get the activities. Then parses those activities to my model and stores them into the database.

Is this second approach a good way to handle the client secrets in order to avoid making them public? Or I am doing something wrong? Whatr flow could I follow to do it in the right way? I am really stuck with this case, and as I am new to OAuth world I am overwhelmed with all the information I have read.

I am trying to customise the error responses in a Symfony app (6.0). The app makes as request using http client to an external API using an oauth token exchange. If the token is not valid the API gives a 401 response

The following MWE should correctly display the number of the figure by referring to it with \@ref(fig:chunk-label) yet the reference is not found by the function. Is there any option that I have to add to the chunk header to achieve a correct reference?

MWE :

I've tried quite a few things and read a lot of examples of using the data returned by Fetch as an object to put into a table or similar but I can't seem to get it. The following code authorises the Strava user to use my test App and then gets the Users last 30 activities. Once data is returned as a Promise I can view it in the console, but not use it. I'm a bit of a novice so just need some direction on how to use this data in table.

//my code is below

I have created a simple script to fetch Strava activities and save them to a mongoDB, but I ran into the following problem:

My database connections gets disconnected before the activities can be fetched and commited. The following code outputs:

I have been playing around with the Strava developer API a bit and been building a basic React app to fetch soem Starva activites and display it in a list. Repo can be found here.

I have a map that renders the activity route in this component.

I don't understand why this ValueError occurs?

• Post request

I'm trying to develop my first java Spring Bboot app that calls Strava API and gets my activities for the given period of time. I've registered my app on Strava's website and got client_id and client secret. I've generated spring-swagger-codegen-api-client and awtowired the client to the app.