01-03-2017 13:43
Short story:
A few days ago I started developing an app that will track my sleep, calculate sleep debt, Sleep/Awake ratio, predict the sleeping hours necessary to get a healthy and refreshing sleep, etc.
I've set it up using the league/oauth-2 client for PHP and it was working fine and dandy until a few days back, when I started getting a "Forbidden" response when doing such a simple thing as trading an authentication code for an access token.
Scenario:
I get redirected to Fitbit, log in with my account, allow the app to use my data, and get redirected back with state and code in the GET parameters in the URL and "Forbidden" as the message of the response to my request.
Upon some digging, I found that the response holds this:
Which is really strange, because how could I verify myself with a captcha when the whole point of using an API is to do it in code?
Things where I might have broken something:
What I've tried so far:
Nothing works. Does anyone have any ideas where the problem is?