Hi @rasilawal,
I took another look at your issue and it appears that I have misunderstood the issue.
I've done a bit more digging and I believe I found the cause of the error you are seeing. The issue is not your redirect URL, which I assumed in the post above, but appears to be in the POST authorization request URL that you sent me.
- Your URL is missing the authorization and content-type headers.
- Content-type headers must be set to "application/x-www-form-urlencoded".
- Your Client Secret is present in your URL, which is a security issue that can lead to vulnerabilities to your app. I recommend using Base64 to embed your Client ID:Client Secret into your Authorization Header.
Also, as a side note, I noticed that your expires_in=3600 parameter is using a value that is no longer supported. We only support "28800" (8 hours) for the authorization code grant flow now, and we'll be updating our documentation to reflect this information.
Apart from that, you appear to have every other element included in your POST request (Client ID, redirect URI, grant type) except for the two headers mentioned above (authorization & content-type).
curl -X POST -i
-H 'Authorization: Basic <Base64 Encoded ClientID:ClientSecret>'
-H 'Content-Type: application/x-www-form-urlencoded'
-d "clientId=<ClientID>"
-d "grant_type=authorization_code"
-d "redirect_uri=<redirectURI>"
-d "code=<code>"
https://api.fitbit.com/oauth2/token
As mentioned in my last post, I recommend going through the OAuth 2.0 tutorial to make sure that your POST request matches up to our requirements to see that you are going through the authorization flow successfully.
I believe this should resolve the error of the missing parameter that you are seeing.
Let me know if this helps!
Fitbit Developers oversee the SDK and API forums. We're here to answer questions about Fitbit developer tools, assist with projects, and make sure your voice is heard by the development team.
Best Answer
