help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Code Converting from oAuth 1 to 2

ANSWERED

‎08-03-2016 15:37

‎08-03-2016 15:37

In the oAuth V1 we used to be able to query the system using the userid..something like:

 

https://api.fitbit.com/1/user/<fitBitUserID>/activity/date/<someDate>.json

 

After I register a user using oAuth v2, I am not longer able to query the user using this method, is this supported?

 

Thanks,

Luke

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎08-04-2016 10:15

In response to lbalding

‎08-04-2016 10:15

I think I have this figured out.  The documentation on the activities seems to indicate that you can query the user directly without have to specify the Bearer in the header by just putting the userid into the query string.  This does not appear to be the case.  I included the bearer with the accesstoken and that appears to have solved the issue.

View best answer in original post

Best Answer
0 Votes
12 REPLIES 12

‎08-03-2016 16:12

‎08-03-2016 16:12

@lbalding Did you update the access token of the user? Any error messages you're seeing would also be helpful.

Andrew | Community Moderator, Fitbit

What motivates you?
Best Answer

‎08-03-2016 17:17

‎08-03-2016 17:17

In addition to what Andrew said, are you requesting a user id other than the user who authorized your application? If so, why?

Best Answer
0 Votes

‎08-03-2016 17:45

In response to AndrewFitbit

‎08-03-2016 17:45

@AndrewFitbit It was a new registration under oAuth V2.  The error message is:

 

{"errors":[{"errorType":"insufficient_scope","message":"This application does not have permission to access activity data. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

 

I specified all of the available scopes.

 

Luke

 

 

Best Answer
0 Votes

‎08-03-2016 17:49

In response to JeremiahFitbit

‎08-03-2016 17:49

It's the same user.  

Best Answer
0 Votes

‎08-03-2016 17:52

In response to lbalding

‎08-03-2016 17:52

Did the person actually grant your app the scopes requested? The scopes the person authorized are returned with the access token.

Best Answer
0 Votes

‎08-03-2016 19:11

In response to JeremiahFitbit

‎08-03-2016 19:11

I was using my test account.  Also, I am trying to send you an email from my office email in a response from fitbit-support but am getting a 5.7.50.

Best Answer
0 Votes

‎08-04-2016 10:15

In response to lbalding

‎08-04-2016 10:15

I think I have this figured out.  The documentation on the activities seems to indicate that you can query the user directly without have to specify the Bearer in the header by just putting the userid into the query string.  This does not appear to be the case.  I included the bearer with the accesstoken and that appears to have solved the issue.

Best Answer
0 Votes

‎08-04-2016 10:28 - edited ‎08-04-2016 10:32

In response to lbalding

‎08-04-2016 10:28 - edited ‎08-04-2016 10:32

Correct, you must include the Authorization header. This is part of OAuth 2.0. If you don't include the Authorization header, the Fitbit Web API has no way of knowing what app is making the request and what person has authorized the app.

 

Looking at the error message returned will help diagnose issues. For example, if you do a GET request on https://api.fitbit.com/1/user/-/activities/date/2016-08-04.json , you'll get this error:

 

HTTP/1.1 401 Unauthorized

{
    "errors": [
        {
            "errorType": "invalid_request",
            "message": "Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
        }
    ],
    "success": false
}
Best Answer
0 Votes

‎08-04-2016 10:30

In response to JeremiahFitbit

‎08-04-2016 10:30

I was hoping that base64'ing the clientid and my secret and then using the userid in the query string that I would avoid having to build logic for refreshing the users auth token.

Best Answer
0 Votes

‎08-04-2016 10:35

In response to lbalding

‎08-04-2016 10:35

Your client id and secret only identify your app to the API. This can be used in some requests that are "client only" requests, where the API only needs to know what app is making the request.

 

When your app makes requests on behalf of a person, you must use the access token. The access token represents the specific user authorization and the scope level they approved.

Best Answer
0 Votes

‎08-04-2016 10:38

In response to JeremiahFitbit

‎08-04-2016 10:38

ok, I get it.  That user auth token represents the encounter the user is having with our particular clientid.

 

 

Best Answer

‎08-04-2016 10:41

In response to lbalding

‎08-04-2016 10:41

You got it! 👍

Best Answer
0 Votes