Cancel
Showing results for 
Search instead for 
Did you mean: 

Keeping the authentication token fresh through the companion API

SOLVED

Hi Everyone,

 

I'm working on a simple clockface which exposes some nutritional information on the Ionic.  The clockface is running fine utill the authentication token expires.  The sample here: https://github.com/Fitbit/sdk-oauth doesn't show that there is any need to refresh the token.  As getting a token to expire while connected to the debugger is very difficult, I'd like to make sure that this is actually required by design before I try to work around it.  I am retrieving the authentication token through the settings api like in the example. If this is needed it would be great if you would add it to the example project.  Alternatively if you could give some suggestion as to how to use the fetch api to achieve this i would be really grateful.

 

On a side note, I think it is really cumbersome that we have to use the web api to retrieve data that is already available in the mobile application.  There really should be a better way to get access to this data without requiring users to find their way to the deeply hidden clockface settings screen in order to authenticate.  Its very difficult to instruct users on how to do this and limits the freshness of that information, since we are limited by the web api's request limit.

Accepted Solution
0 Votes
1 ACCEPTED SOLUTION

Accepted Solutions

Thanks for the feedback. Yes, you need to handle the refresh token yourself. I will get the example app updated to include dealing with this in the future.

 

In terms of requiring users to login (even though they are already logged into the mobile app), we hope to resolve this in the future, but it's a limitation we have to deal with for now.

 

 

Accepted Solution
0 Votes
3 REPLIES

Thanks for the feedback. Yes, you need to handle the refresh token yourself. I will get the example app updated to include dealing with this in the future.

 

In terms of requiring users to login (even though they are already logged into the mobile app), we hope to resolve this in the future, but it's a limitation we have to deal with for now.

 

 

Accepted Solution
0 Votes

Thanks for the quick reply.  Follow up question then.. How should we retrieve the client id and client secret?  Its defined in the Oauth settings component, but there doesn't seem to be documentation on how to retrieve it from JS if thats even possible.  Is it safe to store the base64 encoded string of [client_id]:[client_secret] in a place that is accessible to the JS?

Accepted Solution
0 Votes

You can store those values in JS, then include them into the settings page.

 

You may also want to take a look a the WebConfig component, it's what the OAuth component uses under the hood. You'll see some examples on Discord.

Accepted Solution
0 Votes