Authorizing a registered Fitbit app from companion/settings.

Please, excuse my ignorance. I'm new to this. I fully expect that I may be doing something totally weird.

Please help.

I need to authorize my web service to access Fitbit user data - the metrics.

I need to authorize this service from a companion app. 

 

Here's what I have:

1. I have a registered Fitbit app at "https://dev.fitbit.com/apps".

2. I have a web service that acts as that app. It gets users' readings for processing. The way I authorize it to access the user's data is through "https://www.fitbit.com/oauth2/authorize" and relying on the redirect_url that goes to my service. The service on the redirect accesses users' data.

3. I have a watchface for Versa with a companion that talks to my service to get and show the results of my "processing".

 

 

So essentially I have like a loop back to Fitbit: Versa app/companion signs into my web service, which then signs into Fitbit. Seems like a round trip.

 

Right now in settings I let people provide login info for my web service.

I keep thinking that I also need to add to settings an "authorize" which would go to "https://www.fitbit.com/oauth2/authorize" and with a redirect allow my server to access the data.

 

This seems strange and the flow is ugly: the user has to log in to my service. Then they need to log in to Fitbit to authorize my app even though they are already logged into Fitbit since they are in the Fitbit app.

Can this be simplified? Streamlined? Like authorize a service right from here without requiring another Fitbit login? Am I missing something?

 

PS. Also, looking at the OAuth component documentation, I don't understand the note: "Note: Most OAuth providers require you to specify the redirect_url domain or full path that you will be using with their service. We have provided a special URL to automatically handle the redirection. Please use: https://app-settings.fitbitdevelopercontent.com/simple-redirect.html".

How do I use this to redirect to my web service?

Sorry again for being such a newb.

Best Answer
0 Votes
7 REPLIES

It's annoying that the user has to log in twice; hopefully we'll solve this in a future update.

In the meantime, you can see the step-by-step instructions on the OAuth example app: https://github.com/fitbit/sdk-oauth

Best Answer
0 Votes

Jon, so would you agree that my thinking/approach is correct for now?

And effectively it's not 2 logins. It's 3: 1 - user has to log in to the Fitbit Android/iOS app; 2 - user has to log in to my service; 3 - user has to log in to Fitbit from within the Fitbit Android/iOS app just to authorize my server.

I saw that sample, thanks.

Also can you demystify for me the redirect_url and OAuth setting component? I just don't get it. Where do I specify redirect and how?

Best Answer
0 Votes

The number of logins depends on whether you actually need users to log in to their Fitbit account. You only need to do that if you need data from our Web API.

The sample app demonstrates how to configure the OAuth component; look in the /settings/ folder.

Best Answer
0 Votes

The sample doesn't deal with redirect_uri at all, as far as I can tell. Am I blind?

Seemingly Strava is doing a similar thing, no? Don't they access user data from the Web API? How do they not ask for a bunch of logins?

Best Answer
0 Votes

Check the readme in the sample app; it explains how to use the redirect with our OAuth.

 

The Strava app doesn't access our Web APIs, so it doesn't need to authenticate users to Fitbit, only to its own backend.

Best Answer
0 Votes

Got it. Thanks! 

Now the note about the redirect makes a lot more sense. However, I rely on the fact that the redirect goes to my service and not this very specific "https://app-settings.fitbitdevelopercontent.com/simple-redirect.html".

As far as I understand, that redirect is so that it comes back to the settings with the access token, right?

I don't need that. I need my server to complete the second step. So is it OK to keep my redirect the way I have it?

Best Answer
0 Votes

Wait, so what I'm trying to do is not possible, is it? The OAuth component in the settings doesn't allow a redirect to go to a different place other than "https://app-settings.fitbitdevelopercontent.com/simple-redirect.html", does it? So in other words the 2 authentication steps must be coming back here. The 2nd step can't be performed by my service, can it?

That seems like a total impasse. 

Best Answer
0 Votes
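
Added example, not written by anyone in this thread and not taken from Fitbit's sample app: a sketch of the server-side flow described in the first post, where the web service sends the user to `https://www.fitbit.com/oauth2/authorize` and receives the redirect itself. It shows how a signed `state` parameter ties the Fitbit authorization to the account already logged in to the service. The client ID, redirect URI, scope values and function names are assumptions.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize"  # URL quoted in the thread
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"                        # placeholder, from dev.fitbit.com/apps
REDIRECT_URI = "https://service.example/fitbit/callback"   # hypothetical service endpoint
STATE_KEY = secrets.token_bytes(32)  # in production: a persistent server-side secret
STATE_TTL = 600                      # seconds a state value stays valid (assumed policy)

def _sign(payload):
    mac = hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_state(account_id, now=None):
    """state = nonce.timestamp.account.signature, bound to the service login."""
    ts = int(time.time() if now is None else now)
    payload = f"{secrets.token_urlsafe(16)}.{ts}.{account_id}"
    return f"{payload}.{_sign(payload)}"

def authorize_url(account_id, scope="activity heartrate"):
    """URL the logged-in user is sent to; scope values are sample assumptions."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "scope": scope,
              "state": make_state(account_id)}
    return AUTHORIZE_URL + "?" + urlencode(params)

def handle_callback(callback_url, session_account_id, now=None):
    """Return the authorization code only if state is authentic, fresh and
    issued for the account in the current service session; else ValueError."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization denied: " + query["error"][0])
    state = query.get("state", [""])[0]
    code = query.get("code", [""])[0]
    payload, _, sig = state.rpartition(".")
    if not payload or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise ValueError("state missing or tampered")
    _nonce, ts, account = payload.split(".", 2)
    if (time.time() if now is None else now) - int(ts) > STATE_TTL:
        raise ValueError("state expired")
    if not hmac.compare_digest(account.encode(), session_account_id.encode()):
        raise ValueError("state belongs to a different account")
    if not code:
        raise ValueError("no authorization code")
    return code  # next step: the server exchanges this code for tokens
```

Rejecting a callback whose `state` was issued for another account keeps one user's Fitbit grant from being attached to someone else's service login.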