help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Getting authorization code the right way...

‎08-11-2016 21:55

‎08-11-2016 21:55

I put my oauth2 flow together and it works, but I think I need to clean it up for the sake of user experience and code integrity. I'm currently using Chrome custom tabs to send the user to the FitBit auth page, but I'm not sure about the best way to handle passing off the authorization code. What I have feels like a work around.

 

I send the user to the FitBit auth page with a "state" (an option for GET parameters). When FitBit redirects to my server the "state" value also gets sent with it and I put the state and the auth code into a database table. Then client side, I make a request to my server, and retrieve the code associated with the state I just sent.

 

I feel like I must be over looking something. But I can't find anyway to look at the GET (auth code) data sent along to my redirect url in Chrome custom tabs. Advice would be very much appreciated. Thanks!

Best Answer
Labels:
0 Votes
0 REPLIES 0