help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issue with HTTP Basic Auth and fetch()

‎11-12-2017 21:43 - edited ‎11-12-2017 21:45

‎11-12-2017 21:43 - edited ‎11-12-2017 21:45

I am having trouble using the fetch API in the companion app to request from a server with HTTP Basic authn.

 

if(s.user) {
  const auth = btoa(s.user + ':' + s.pass);
  headers['Authorization'] = `Basic ${auth}`;
}
headers['Accept'] = 'application/json';

const opts = {headers: headers, mode: 'no-cors'}; //, credentials: 'include'};
  
return fetch(url, opts).then(function(response) {
  console.log('Response: ' + response.status);
  return response.text();
}).catch(function(err) {
  console.log('ERROR: ' + err)
});

First of all, I tested the 'btoa' polyfill I'm using, and it properly base64'd the username and password.

 

This request is being executed and the catch handler isn't being invoked.  I know from server logs that the client is not providing username and password, and the server is responding with 401 Unathorized.  However, the response.status value is 0, and response.statusText is empty.

 

Worse... I can't seem to set username and password for HTTP Basic Auth.

 

What am I doing wrong here?  Or is there a bug?  Headers don't seem to be getting set at all.

FitBit Ionic / Google Pixel / Android 8.0.0
Best Answer
Labels:
0 Votes
7 REPLIES 7

‎11-13-2017 12:55

‎11-13-2017 12:55

I know that iOS has a restriction which means the endpoint has to be HTTPS.

 

Could that be the issue?

Best Answer
0 Votes

‎11-13-2017 13:50

In response to JonFitbit

‎11-13-2017 13:50

I should have said more about my environment.  I am on Android 8.0.0 on a Google Pixel.  The endpoint is HTTPS, with a LetsEncrypt certificate.

FitBit Ionic / Google Pixel / Android 8.0.0
Best Answer
0 Votes

‎11-13-2017 21:09 - edited ‎11-13-2017 21:10

In response to JonFitbit

‎11-13-2017 21:09 - edited ‎11-13-2017 21:10

I set up a server this evening that logs all request headers sent and played around with that a bit, changing different headers with fetch().

 

I CAN change the 'Accept' header.  It defaults to */*, I can change it to application/json.

 

I am not able to set the 'Authorization' header.  Nothing I put in there makes it through, even trying 'Bearer' like in the OAuth2 SDK example.

 

I am also not able to set a nonstandard header like 'X-Absurd-Header'.

FitBit Ionic / Google Pixel / Android 8.0.0
Best Answer
0 Votes

‎05-06-2018 05:50 - edited ‎05-06-2018 05:51

‎05-06-2018 05:50 - edited ‎05-06-2018 05:51

I ran in the same issue today as I want to get OAuth working with an /access_token endpoint enforcing CORS. I guess the "mode: 'no-cors'" results in the promise to be resolved properly, but the underlying website not being called at all... 

 

Is there any idea how to fix this? OAuth is the base of quite an amount of apps developers want to build, but are not able to with the current tools...

 

DcgWTqgW0AEmE8-.jpg

Best Answer
0 Votes

‎05-06-2018 07:16

In response to sibbl

‎05-06-2018 07:16

Let the companion app do the get token stuff to handle CORS. Check the solution of JonFitbit in this thread:

 

https://community.fitbit.com/t5/SDK-Development/3rd-party-REST-API-OAuth-authentication/m-p/2338210/...

Best Answer
0 Votes

‎05-06-2018 11:56 - edited ‎05-06-2018 12:43

In response to Florian87

‎05-06-2018 11:56 - edited ‎05-06-2018 12:43

I'm currently doing the same stuff as described in your link in the settings/index.jsx. Of course it's a bit different but in the end, I put together a URL I only need to do a GET on. This URL works properly when copy-pasting it in the browser, so there's not much magic. However, I cannot do this GET inside the onReturn method.

 

A normal GET without "no-cors" results in the URL being called (I can check this because the acquired token is invalid afterwards). However, Fitbit throws the error and I cannot parse the returned JSON due to this.

 

fitbit.png

 

If I use "no-cors" mode, then the URL is not called (token is still valid afterwards) and there's no error. However, the response has a status code of 0 and no body.

 

 

UPDATE: I finally got it working by setting the code received with "onReturn" in the settingsStorage (why the hell is it "props.settingsStorage" and not a usual import?). Then the "settingsStorage.onchanged" is triggered in my companion/index.js - and there the fetch works properly. I store the received access_token then in my settingsStorage again (which interestingly doesn't trigger the "onchanged" event...) and can work with it. 
After using the SDK for some days, I have to say that it's not fun guessing such tricky solutions... 

Best Answer

‎08-15-2019 09:56

‎08-15-2019 09:56

Hi jtickle,

 

I try to use companion fetch with Basic authhorization too, but how can i call btoa() method in companion file?

 

Thanks

Seksit

Best Answer
0 Votes