
Blank response in final step of OAuth1.0

ANSWERED

Hi,

I've just started playing around with the fitbit api today and have run into a problem - I'm using nodejs to set up an authentication request for my application.

So far I've successfully received a request token, I then have the user sent to the authentication page on the fitbit website. Once they click approve they are redirected back to my site successfully and I receive the temporary token.

However, when I send a post request with the temporary token in the OAuth header to receive the access token, the response I get back from the server is an empty array {}.

I've tried using a token I know will fail and I receive a permission denied response which implies my temporary token is being accepted by the server.

Has anyone else experienced this issue? Could it be a problem on the fitbit end or with the oauth module I am using for node?

Any help is appreciated.

Best Answer
0 Votes

8 REPLIES

That endpoint doesn't return JSON and is working across the system, so let's try to find out what is wrong with this library.

Can you capture the HTTP request that your application is making? You can use a tool like Runscope Captures. You can get a free Runscope account at https://www.runscope.com/fitbit.

Best Answer
0 Votes

The header for my initial https request is:

{ Authorization: 'OAuth oauth_consumer_key="xxxxxx23ca8671175a51a21952ff4a9c", oauth_nonce="xxxxxxJPxT5xsvmZHVUAz068I2A5L8Ou", oauth_signature="xxxxxxhSe149%2FDFxb1H7j%2BZEZOw%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1435310292", oauth_version="1.0"',
host: 'api.fitbit.com' },

And this request is made to: https://api.fitbit.com/oauth/request_token

The response I receive is:

body: 'oauth_token=xxxxxxe788321674c18409ff0f63ac34&oauth_token_secret=xxxxxxfc48bf0ac86f9984ac370ae3cd&oauth_callback_confirmed=true' }

I then redirect to: https://www.fitbit.com/oauth/authenticate?oauth_token=xxxxxxe788321674c18409ff0f63ac34

Which takes me to the fitbit oauth approval page, upon clicking verify I am sent back to my website:

headers for request to my site:
host: 'mywerbserver.com:8060',
connection: 'keep-alive',
accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'user-agent': 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36',
dnt: '1',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'en-US,en;q=0.8',
cookie: 'cookie_notice_accepted=true; PHPSESSID=qpk2eo0c5hl51hem9de8fj8so5' },

Url including post data:

mywebserver.com:8060/authorised?oauth_token=xxxxxx703757db70337db8c5eb43b5e4&oauth_verifier=xxxxxxe8259be527d904b239966b3ee

This means I have a temporary token which is then used to make a request for an access token for which the header is:

headers:
{ Authorization: 'OAuth oauth_consumer_key="xxxxxx23ca8671175a51a21952ff4a9c", oauth_nonce="xxxxxxBSXQ7v8jc6z29aFCZPFf32Yi4j", oauth_signature="xxxxxxlimG%2FQ5Pl22DRAiRH2ui8%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1435310296", oauth_version="1.0"',
host: 'api.fitbit.com' },

Sent to the url: https://api.fitbit.com/oauth/access_token

As mentioned previously I receive a response with no body, however if I change my oauth token to use something other than the temporary token I receive back from fitbit I get an oauth error.

Best Answer
0 Votes
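
The access-token step discussed above, as an added example that is not part of any post in this thread and is not the poster's or Fitbit's code: it builds the signed Authorization header the way RFC 5849 specifies (oauth_token and oauth_verifier included, HMAC key made from the consumer secret and the request-token secret) and parses the reply as form-encoded text, since the endpoint does not return JSON. The function names and the credential values are assumptions made up for the illustration; only the endpoint URL comes from the thread.

```javascript
// Added example: OAuth 1.0a access-token step per RFC 5849 (function names are hypothetical).
const crypto = require('crypto');
// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded sorted parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(v)])
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0)) // names are unique here
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// Authorization header for the access-token request.
function accessTokenHeader(c) {
  const params = {
    oauth_consumer_key: c.consumerKey,
    oauth_token: c.requestToken,   // temporary token returned to the callback
    oauth_verifier: c.verifier,    // oauth_verifier from the callback URL
    oauth_nonce: c.nonce || crypto.randomBytes(16).toString('hex'),
    oauth_timestamp: String(c.timestamp || Math.floor(Date.now() / 1000)),
    oauth_signature_method: 'HMAC-SHA1',
    oauth_version: '1.0',
  };
  // HMAC key: consumer secret & request-token secret from the first response.
  const key = `${pct(c.consumerSecret)}&${pct(c.requestTokenSecret)}`;
  params.oauth_signature = crypto.createHmac('sha1', key)
    .update(baseString('POST', c.url, params)).digest('base64');
  return 'OAuth ' + Object.keys(params).sort()
    .map((k) => `${pct(k)}="${pct(params[k])}"`).join(', ');
}

// The token endpoints reply with a form-encoded body, so parse it as such.
function parseTokenResponse(body) {
  const out = Object.fromEntries(new URLSearchParams(body));
  if (!out.oauth_token || !out.oauth_token_secret) {
    throw new Error('response lacks oauth_token / oauth_token_secret');
  }
  return out;
}

// Constructed sample values, not real credentials.
const sample = { url: 'https://api.fitbit.com/oauth/access_token', consumerKey: 'ck', consumerSecret: 'cs', requestToken: 'rt', requestTokenSecret: 'rts', verifier: 'vf', nonce: 'n1', timestamp: 1435310296 };
console.log(accessTokenHeader(sample));
```

A body that is empty or not form-encoded makes `parseTokenResponse` throw instead of yielding an empty object, which surfaces the failure at the step where it happens.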

Just tried a different oauth library (passport) and I now get an access token back from the server. However the page gets stuck at the callback and just loads forever. I expect this is something to do with how I have my callback set up in my webserver though.

Best Answer
0 Votes

Currently I get a valid access token sent to my server but the client's browser hangs on the redirect from the fitbit website - it loads for about 10 minutes after the client details have been entered and then crashes saying the authentication failed.

Has anyone else had any similar problem?

Best Answer
0 Votes

@JeremiahFitbit I've got this live on a site right now if you could observe the loop that the authentication gets stuck in.

http://nickallott.com:8060/auth/fitbit/

Best Answer
0 Votes

@ivan_g: I'm getting an 'unable to connect' browser error.

Via curl:

$ curl -v http://nickallott.com:8060/auth/fitbit/
* Hostname was NOT found in DNS cache
*   Trying 46.137.113.37...
* connect to 46.137.113.37 port 8060 failed: Connection refused
* Failed to connect to nickallott.com port 8060: Connection refused
* Closing connection 0
curl: (7) Failed to connect to nickallott.com port 8060: Connection refused

Best Answer
0 Votes

@JeremiahFitbit sorry the server had gone down - someone restarted the box and the test code I'm running doesn't auto-restart yet.

The problem still persists though - when authorising an account the connection times out before it redirects to my website but I still receive a token.

The result of running curl for your convenience is:

* About to connect() to nickallott.com port 8060 (#0)
* Trying 46.137.113.37... connected
> GET /auth/fitbit HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: nickallott.com:8060
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< X-Powered-By: Express
< Location: https://api.fitbit.com/oauth/authorize?oauth_token=b8f9020ee72dbfde38d01355259cecf6
< Content-Length: 0
< set-cookie: connect.sid=s%3AiWBxdUb6jjuqLeSobjuyp94-KJogceJ0.iFB9MazqLCRnYK0If%2Br9iEgc29WT4H%2Fdue6I26jXhWI; Path=/; HttpOnly
< Date: Fri, 03 Jul 2015 08:50:59 GMT
< Connection: keep-alive
<
* Connection #0 to host nickallott.com left intact
* Closing connection #0

Best Answer
0 Votes

Fixed this issue, it was a problem with the way I had implemented passport for nodejs - failed to set a proper return from the final stage authentication function.

Best Answer
0 Votes