01-22-2018 14:02 - edited 01-22-2018 19:36
Issue
As far as I can tell, using https://github.com/Clancey/SimpleAuth I am getting no client or account info in the return call from the API, and because of that I am not able to properly authenticate but also not able to tell what's going wrong; however, I do know I am using the correct information according to the docs. (This would not be an issue if you just gave us access to the device API via Bluetooth, but it has been ignored to death on other posts so I'm not going into that here.)
Link to the gist with the code I am using so far: https://gist.github.com/MobileRez/91b93c3fee922708cd0abdf6ed2fb049
Details on Issue:
since it's the closest possible option that I could find to being able to support all requirements laid out by your OAuth2 Web API authentication docs for a non-OpenID-supported OAuth2 API via a phone app.
While I don't know much about building my own OAuth2 implementation, I do understand that OAuth was really meant to be server to server for maximum security since devices like phones are not secure (but no more secure than websites).
I think my issue is with the parsing of the data, but this package was built to follow the standard that OAuth2 sets out for authentication... so something is going on here. I lack the understanding of this world to properly instruct / file issues with the package maintainer or make my own / update this or something like Fitbit.NET.
I have been fighting with this for almost 3 weeks now, and am starting to regret my choice and purchase of all the different test Fitbit devices (also typing this gained me another 1,000+ steps for just sitting here asking for help, typing normally).
Is anyone able to help with instructions for people like myself who are trying to figure out how to get this working, integrating with and authenticating with Fitbit's API, or some other option working?
Other links looked at & tried:
https://github.com/xamarin/Xamarin.Auth (does not meet requirements set out by fitbit for support)
https://github.com/aarondcoleman/Fitbit.NET (web only example, good stuff but current setup is not easily updated to support Xamarin routes with requirements laid out by API guidelines, but has potential and is doable after a bit of de- and reconstruction to not rely on webviews)
https://community.fitbit.com/t5/Web-API-Development/Web-API-FAQs-README-txt/m-p/2032127#M7757
https://community.fitbit.com/t5/Web-API-Development/Callback-URL-iOS/m-p/1020763#M3647
Final Notes:
Your OAuth2 docs are not helpful for someone new to OAuth2. Please stop telling me to go look at that. Your docs are probably great, but they assume the consumer understands OAuth2 and has built or is building their own setup (that takes some time).
Accepted Solutions
01-24-2018 19:06
So I figured out what was going wrong... when I was being told that Fitbit follows OAuth2 standards I assumed that it was a standard/generic implementation, therefore when the packages built to work with generic OAuth implementations were not working I was getting frustrated.
After working with the package's owner we noticed that there were a lot of non-standard tweaks happening that were causing the issues, like where you are supposed to pass in the auth header (a "standard OAuth2 call" would have that in the content).
He will be updating the NuGet package but his solution adds https://github.com/Clancey/SimpleAuth/blob/master/src/SimpleAuth/Providers/FitBitApi.cs
Then all I had to do was add the following code:

    var fitbitApi = new FitBitApi(
        ApiKeys.FitBitServiceId,
        ApiKeys.FitbitClientId,
        ApiKeys.FitbitClientSecret,
        true,
        ApiKeys.FitbitRedirectionEndpoint)
    {
        Scopes = ApiKeys.FitbitScope
    };
    var account = await fitbitApi.Authenticate();

and I got a valid token and refresh token. Also he has it set up so you can choose implicit or not!
And all this because of a lack of documentation / communication issue. The docs assume you know it's not a standard OAuth2 call and you know there is going to be some tweaking going on.
Hopefully this helps others as well.
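Added example, not part of the original post and not SimpleAuth's code: the post above turns on where the client credentials travel in the token request. RFC 6749 section 2.3.1 describes two placements, an HTTP Basic Authorization header or `client_id`/`client_secret` fields in the form body, and a client that uses the one the server does not accept fails the code exchange. The endpoint, credentials, code and redirect URI below are constructed placeholders, and `TokenRequestDemo` is a hypothetical name.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

static class TokenRequestDemo
{
    // Placeholder endpoint, constructed for this example (not a real provider URL).
    const string TokenEndpoint = "https://auth.example.invalid/oauth2/token";

    // Build the authorization-code exchange request without sending it.
    // headerAuth selects where the client credentials go:
    // true = Basic Authorization header, false = form body fields.
    public static HttpRequestMessage Build(string clientId, string clientSecret,
        string code, string redirectUri, bool headerAuth)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
        };
        var request = new HttpRequestMessage(HttpMethod.Post, TokenEndpoint);
        if (headerAuth)
        {
            // base64("id:secret"); RFC 6749 asks for the values to be form-urlencoded
            // first, which the constructed sample values here do not need.
            var pair = Encoding.UTF8.GetBytes(clientId + ":" + clientSecret);
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Basic", Convert.ToBase64String(pair));
        }
        else
        {
            form["client_id"] = clientId;
            form["client_secret"] = clientSecret;
        }
        request.Content = new FormUrlEncodedContent(form);
        return request;
    }

    static void Main()
    {
        // Print both variants side by side so the difference can be compared
        // with what a proxy or Postman shows for the real request.
        foreach (var headerAuth in new[] { true, false })
        {
            var req = Build("CONSTRUCTED_ID", "CONSTRUCTED_SECRET", "CONSTRUCTED_CODE",
                "myapp://callback", headerAuth);
            Console.WriteLine($"Authorization: {req.Headers.Authorization?.ToString() ?? "(none)"}");
            Console.WriteLine(req.Content.ReadAsStringAsync().Result);
        }
    }
}
```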
01-23-2018 14:29
@MobileRez the Fitbit API is implemented using OAuth2.0 protocol.
Understanding the basics of OAuth2.0 and the http(s) protocol is required for someone to be able to start using Fitbit's API efficiently. There are some open source OAuth2.0 libraries available online by 3rd party developers. Please check out this page: https://dev.fitbit.com/build/reference/web-api/community-resources/
At dev.fitbit.com/apps/details/YOUR_APP_ID please search for the OAuth 2.0 tutorial page link. It will redirect you to the interactive tutorial page that will help you understand how OAuth2.0 works.
Also OAuth2.0 is not limited to server-server communication and can be used to make requests from your phone to a backend service. As long as you are able to get an access token (and optionally a refresh token) you should be able to make requests from any mobile device to Fitbit API backend services.

01-23-2018 18:10
@IoanbsuFitbit thanks for the reply. You missed the point of why I even posted this in the first place, so perhaps it was my fault for not explaining things, and let me try again.
1. First thing I tried was using RestSharp to build my own communications. Their docs are non-existent, and the videos and help detail do not help someone with the full authentication process, or when I did it was outdated (OAuth1 or did not match the "standard" OAuth2 method used by Fitbit), so doing it myself, it was apparent it was not going to work. https://dev.fitbit.com/apps/oauthinteractivetutorial was no help cause it simulates a WEB authentication no what headers to use, etc. (but was helpful in understanding Fitbit's OAuth2 process)
2. I then look to see what other people have done and what did I find: web, web, web, web, web web web and more web. What I did find for mobile was people asking for help or using outdated methods that are no longer valid (like using web views), and that's great, but I know even less about the web world and I could not find anything describing how to build and test a user authenticating from an app, that talks to the app's API, and then that API talks to Fitbit's API.
3. Look to see what packages are out there for OAuth2 and/or Fitbit. The answer again was web, web, web, web, web, web, and if not it was again using web views in a way I could not just substitute the calls for your requirements (ChromeCustomTabs and/or SFSafariViewController).
4. I post on the forum so that some other dev who solved this frustration might help me and others in this issue, or that the creators of that API would help people use it.
What your response told me was "if you do know how to use this thing then we can't help you", which because of my lack of info may have been the wrong message sent. So I'm going to assume that.
So do you have demos other than websites that people can look at (I'd prefer C# but even other methods are helpful)?
Can you explain why Fitbit does not support OpenID http://openid.net/connect/ which would also solve my and many other people's issues?
My original question came down to "I need an expert to tell me if my assumptions are wrong or not, as according to what YOU and others have linked, I SHOULD be getting account information back; if I am not, it's either. I am doing something wrong (missing a step with the code, not setting something up right .. which I verified today with Postman that I am... but at the time I didn't ... and it would be great if you include a guide on how to use Postman to check your authentications rather than just telling people to use it and assuming every programmer understands the process). As soon as I saw there was no Bluetooth access I knew I was going to have to do some work to get this working, it might not be for a few days or even a few weeks... but it was not going to be a simple coding.
So all stress and frustration aside for trying to get this to work, I am reaching out, asking for help to get this working.. and for all the snark I might want to give or the reasons why I should not have chosen these devices, I'm trying to get this working so I can have success, and help others have success as well...
Or be honest, say no one at Fitbit has got an app working from the "public api" and your app's API is different, or that you really can't help me and why. So at least I know that going to you guys won't help at all and I can stop getting the same answers you sent me and try to make some real progress to come back and help others with.
03-14-2018 07:51
I have a similar experience with OAuth2 and FitBit..
I am stuck at getting back the Authorization Code from the API EndPoint.
On the Forum, either I get no feedback or I am advised to "use a Web Backend".
Again, assuming that I know how to use for instance FireBase as a Web Backend.
Nowhere is this mentioned in the Documentation, which is very strange.
FitBit has so much friction on using the data from the API that it seems like they don't want people using the data on it. I expected to focus on User Experience, User Stories, Data Visualizations. Instead I am focusing on getting callbacks to work in an OAuth2 process with too many deviations..
Seriously considering to call it quits and focus on another API EndPoint, not FitBit..
This does not seem to be a concern for the company either..

03-14-2018 08:28
Niels,
Are you using Xamarin or not? If you are using Xamarin, take a look at https://github.com/Clancey/SimpleAuth, otherwise I am not sure how I can help with your issue.

03-14-2018 14:15
No I work on Android Native,
- http://locallhost.com/ : this actually works and I end up on the page with the code
- http://localhost.com/ : IP address not found

    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:host="www.locallhost.com/callback" android:scheme="http"/>
    </intent-filter>

- What are the rules and expectancies regarding redirect_url in general, and for the FitBit API in particular?
- How can I set a working redirect_url for testing purposes on local machine?
- How can I set a working redirect_url in production before buying a domain name?

09-28-2019 20:10 - edited 09-28-2019 20:11
Thanks for your useful information. I'm having another problem: FitBit requires the use of Chrome Custom Tabs instead of the WebView Android control. I'm working on Xamarin Forms but I can't get the CustomTab working; the auth window popup is always a WebView. Have you resolved that problem?

09-30-2019 07:23
Have you taken a look at using https://github.com/clancey/SimpleAuth ? They are what I ended up using to solve the issue and it supports the Chrome Custom Tabs instead of the WebView.
This will help with the authentication for Fitbit in Xamarin apps, be it Forms or native. As of the time of this writing, I have it working to authenticate and save authentication as well as then getting step data and other info pulled into my app.

09-30-2019 08:57
Hi, I am currently not using Android anymore, I am developing with Javascript. I still know you really need to use the Chrome Custom Tabs.. Cannot do much more for you.. Take care!

