At this point, I’m considering creating a Lambda that handles the OAuth callback (e.g. the place Strava redirects to once the user logs in). The lambda could then request the OAuth token from the 3rd party and then make API calls on behalf of the user.
Not sure if I’m on the right track or not, but it kida-sorta feels right…