Automatically trigger oauth flow to get a refresh token when necessary

README.md

@@ -46,20 +46,26 @@ Alternatively, you can create a `.env` file in the root directory with these var
 
 ### Authentication
 
-The server now includes an automatic OAuth flow:
+The server includes an automatic OAuth flow using a separate local web server:
 
-1. The first time you make a request to the Strava API, the server will check if you have a refresh token.
-2. If no refresh token is found, it will automatically open your browser to the Strava authorization page.
+1. The first time you make a request to the Strava API, the system checks if you have a refresh token.
+2. If no refresh token is found, it automatically starts a standalone OAuth server and opens your browser to the Strava authorization page.
 3. After authorizing the application in your browser, you'll be redirected to a local callback page.
-4. The server will automatically obtain and store the refresh token for future use.
+4. The server automatically obtains and stores the refresh token for future use.
 
-You can also set the refresh token manually if preferred:
+You can also get a refresh token manually by running:
+
+```bash
+python get_token.py
+```
+
+Or set the refresh token directly if you already have one:
 
 ```bash
 export STRAVA_REFRESH_TOKEN=your_refresh_token
 ```
 
-This approach eliminates the need to manually go through the authorization flow and copy/paste tokens.
+This approach eliminates the need to manually go through the authorization flow and copy/paste tokens. The OAuth flow uses your `STRAVA_CLIENT_ID` and `STRAVA_CLIENT_SECRET` environment variables.
 
 ## Usage
 
@@ -139,10 +145,14 @@ Gets the leaderboard for a specific segment.
   - `config.py`: Configuration settings using pydantic-settings
   - `models.py`: Pydantic models for Strava API entities
   - `api.py`: Low-level API client for Strava
+  - `auth.py`: Strava OAuth authentication implementation
+  - `oauth_server.py`: Standalone OAuth server implementation
   - `service.py`: Service layer for business logic
   - `server.py`: MCP server implementation
 - `tests/`: Unit tests
 - `main.py`: Entry point to run the server
+- `get_token.py`: Utility script to get a refresh token manually
+- `standalone_server.py`: Utility web server for testing OAuth flow
 
 ### Running Tests
 

get_token.py

@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+"""Script to get a Strava refresh token through OAuth flow."""
+
+import asyncio
+import logging
+import os
+import sys
+from strava_mcp.oauth_server import get_refresh_token_from_oauth
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+)
+logger = logging.getLogger(__name__)
+
+
+async def main():
+    """Get a Strava refresh token."""
+    # Check if client_id and client_secret are provided as env vars
+    client_id = os.environ.get("STRAVA_CLIENT_ID")
+    client_secret = os.environ.get("STRAVA_CLIENT_SECRET")
+    
+    # If not provided as env vars, check command line args
+    if not client_id or not client_secret:
+        if len(sys.argv) != 3:
+            print("Usage: python get_token.py <client_id> <client_secret>")
+            print("Or set STRAVA_CLIENT_ID and STRAVA_CLIENT_SECRET environment variables")
+            sys.exit(1)
+        client_id = sys.argv[1]
+        client_secret = sys.argv[2]
+    
+    print("\nStarting Strava OAuth flow to get a refresh token...")
+    
+    try:
+        token = await get_refresh_token_from_oauth(client_id, client_secret)
+        print("\n=================================================================")
+        print("SUCCESS! Add this to your environment variables:")
+        print(f"export STRAVA_REFRESH_TOKEN={token}")
+        print("=================================================================\n")
+        
+        # Also write to a file for easy access
+        with open("strava_token.txt", "w") as f:
+            f.write(f"STRAVA_REFRESH_TOKEN={token}\n")
+        print(f"Token also saved to strava_token.txt\n")
+        
+    except Exception as e:
+        logger.exception("Error getting refresh token")
+        print(f"Error: {e}")
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    asyncio.run(main())

strava_mcp/api.py

@@ -139,18 +139,38 @@ class StravaAPI:
         if self.access_token and self.token_expires_at and now < self.token_expires_at:
             return self.access_token
 
-        # If we don't have a refresh token, try to get one through auth flow
+        # If we don't have a refresh token, try to get one through standalone OAuth flow
         if not self.settings.refresh_token:
-            logger.warning("No refresh token available, attempting to start auth flow")
+            logger.warning("No refresh token available, launching standalone OAuth server")
             try:
-                self.settings.refresh_token = await self.start_auth_flow()
+                # Import here to avoid circular import
+                from strava_mcp.oauth_server import get_refresh_token_from_oauth
+                
+                logger.info("Starting OAuth flow to get refresh token")
+                self.settings.refresh_token = await get_refresh_token_from_oauth(
+                    self.settings.client_id,
+                    self.settings.client_secret
+                )
+                logger.info("Successfully obtained refresh token from OAuth flow")
             except Exception as e:
-                error_msg = f"Failed to start auth flow: {e}"
+                error_msg = f"Failed to get refresh token through OAuth flow: {e}"
                 logger.error(error_msg)
-                raise Exception(
-                    "No refresh token available and could not start auth flow. "
-                    "Please set STRAVA_REFRESH_TOKEN manually in your environment variables."
-                ) from e
+                
+                # Fall back to the original auth flow if available and requested
+                if self.app and not self.auth_flow_in_progress:
+                    logger.info("Falling back to MCP-integrated auth flow")
+                    try:
+                        self.settings.refresh_token = await self.start_auth_flow()
+                    except Exception as fallback_error:
+                        raise Exception(
+                            "No refresh token available and all auth flows failed. "
+                            "Please set STRAVA_REFRESH_TOKEN manually in your environment variables."
+                        ) from fallback_error
+                else:
+                    raise Exception(
+                        "No refresh token available and OAuth flow failed. "
+                        "Please set STRAVA_REFRESH_TOKEN manually in your environment variables."
+                    ) from e
 
         # Now that we have a refresh token, refresh the access token
         async with httpx.AsyncClient() as client:

strava_mcp/oauth_server.py

@@ -0,0 +1,192 @@
+"""A standalone local server for handling Strava OAuth flow."""
+
+import asyncio
+import logging
+import os
+import threading
+import webbrowser
+from contextlib import asynccontextmanager
+
+import uvicorn
+from fastapi import FastAPI
+
+from strava_mcp.auth import StravaAuthenticator, REDIRECT_HOST, REDIRECT_PORT
+
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
+)
+logger = logging.getLogger(__name__)
+
+
+class StravaOAuthServer:
+    """A standalone server for handling Strava OAuth flow."""
+
+    def __init__(
+        self, 
+        client_id: str, 
+        client_secret: str,
+        host: str = REDIRECT_HOST,
+        port: int = REDIRECT_PORT
+    ):
+        """Initialize the OAuth server.
+
+        Args:
+            client_id: Strava API client ID
+            client_secret: Strava API client secret
+            host: Host for the server
+            port: Port for the server
+        """
+        self.client_id = client_id
+        self.client_secret = client_secret
+        self.host = host
+        self.port = port
+        self.authenticator = None
+        self.app = None
+        self.server_thread = None
+        self.token_future = asyncio.Future()
+        self.server_task = None
+        self.server = None
+
+    async def get_token(self) -> str:
+        """Get a refresh token by starting the OAuth flow.
+
+        Returns:
+            The refresh token
+
+        Raises:
+            Exception: If the OAuth flow fails
+        """
+        # Initialize the server if it hasn't been done yet
+        if not self.app:
+            await self._initialize_server()
+
+        # Open browser to start authorization
+        auth_url = self.authenticator.get_authorization_url()
+        logger.info(f"Opening browser to authorize with Strava: {auth_url}")
+        webbrowser.open(auth_url)
+
+        # Wait for the token
+        try:
+            refresh_token = await self.token_future
+            logger.info("Successfully obtained refresh token")
+            return refresh_token
+        except asyncio.CancelledError:
+            logger.error("Token request was cancelled")
+            raise Exception("OAuth flow was cancelled")
+        except Exception as e:
+            logger.exception("Error during OAuth flow")
+            raise Exception(f"OAuth flow failed: {str(e)}")
+        finally:
+            # Stop the server once we have the token
+            await self._stop_server()
+
+    async def _initialize_server(self):
+        """Initialize the FastAPI server for OAuth flow."""
+        @asynccontextmanager
+        async def lifespan(app: FastAPI):
+            yield
+            # Cleanup resources if needed
+            logger.info("OAuth server shutting down")
+
+        # Create FastAPI app
+        self.app = FastAPI(
+            title="Strava OAuth",
+            description="OAuth server for Strava authentication",
+            lifespan=lifespan,
+        )
+
+        # Initialize authenticator
+        self.authenticator = StravaAuthenticator(
+            client_id=self.client_id,
+            client_secret=self.client_secret,
+            app=self.app,
+            host=self.host,
+            port=self.port,
+        )
+
+        # Store our token future in the authenticator
+        self.authenticator.token_future = self.token_future
+
+        # Set up routes
+        self.authenticator.setup_routes(self.app)
+
+        # Start server in a separate task
+        self.server_task = asyncio.create_task(self._run_server())
+        
+        # Wait a moment for the server to start
+        await asyncio.sleep(0.5)
+
+    async def _run_server(self):
+        """Run the uvicorn server."""
+        config = uvicorn.Config(
+            app=self.app,
+            host=self.host,
+            port=self.port,
+            log_level="info",
+        )
+        self.server = uvicorn.Server(config)
+        try:
+            await self.server.serve()
+        except Exception as e:
+            logger.exception("Error running OAuth server")
+            if not self.token_future.done():
+                self.token_future.set_exception(e)
+
+    async def _stop_server(self):
+        """Stop the uvicorn server."""
+        if self.server:
+            self.server.should_exit = True
+            if self.server_task:
+                try:
+                    await asyncio.wait_for(self.server_task, timeout=5.0)
+                except asyncio.TimeoutError:
+                    logger.warning("Server shutdown timed out")
+
+
+async def get_refresh_token_from_oauth(client_id: str, client_secret: str) -> str:
+    """Get a refresh token by starting a standalone OAuth server.
+
+    Args:
+        client_id: Strava API client ID
+        client_secret: Strava API client secret
+
+    Returns:
+        The refresh token
+
+    Raises:
+        Exception: If the OAuth flow fails
+    """
+    server = StravaOAuthServer(client_id, client_secret)
+    return await server.get_token()
+
+
+if __name__ == "__main__":
+    # This allows running this file directly to get a refresh token
+    import sys
+    
+    # Check if client_id and client_secret are provided as env vars
+    client_id = os.environ.get("STRAVA_CLIENT_ID")
+    client_secret = os.environ.get("STRAVA_CLIENT_SECRET")
+    
+    # If not provided as env vars, check command line args
+    if not client_id or not client_secret:
+        if len(sys.argv) != 3:
+            print("Usage: python -m strava_mcp.oauth_server <client_id> <client_secret>")
+            print("Or set STRAVA_CLIENT_ID and STRAVA_CLIENT_SECRET environment variables")
+            sys.exit(1)
+        client_id = sys.argv[1]
+        client_secret = sys.argv[2]
+    
+    async def main():
+        try:
+            token = await get_refresh_token_from_oauth(client_id, client_secret)
+            print(f"\nSuccessfully obtained refresh token: {token}")
+            print("\nYou can add this to your environment variables:")
+            print(f"export STRAVA_REFRESH_TOKEN={token}")
+        except Exception as e:
+            logger.exception("Error getting refresh token")
+            print(f"Error: {str(e)}")
+
+    asyncio.run(main())

strava_mcp/service.py

@@ -28,18 +28,12 @@ class StravaService:
         # Set up authentication routes if app is available
         await self.api.setup_auth_routes()
         
-        # If we don't have a refresh token, log instructions for manual auth
+        # If we don't have a refresh token, log info about OAuth flow
         if not self.settings.refresh_token:
-            if self.api.app:
-                logger.info(
-                    "No STRAVA_REFRESH_TOKEN found in environment. "
-                    "The authentication flow will be triggered automatically when needed."
-                )
-            else:
-                logger.warning(
-                    "No STRAVA_REFRESH_TOKEN found in environment and no FastAPI app is available. "
-                    "You'll need to set STRAVA_REFRESH_TOKEN manually for authentication to work."
-                )
+            logger.info(
+                "No STRAVA_REFRESH_TOKEN found in environment. "
+                "The OAuth flow will be triggered automatically when needed."
+            )
 
     async def close(self):
         """Close the API client."""