
Hard Coded Secret and Tokens in OAuth 2.0

Hi All

 

I am not developing/maintaining an app; all I do is grab data from several Fitbits whose credentials and data I am in charge of and store it in a local database. The way I did it in OAuth 1.0a was that I had all the tokens and secrets hard coded in an array (token_array/secrets_array) and straightforwardly created the API credentials and then grabbed the data:

for i=...
    APIResourceCredentials resourceCredentials = new APIResourceCredentials(userId[i], token_array[i], secrets_array[i])
    ...grab data and store in local DB,
next
...

Is this still possible with OAuth 2.0, and if yes, what do I have to change in my code? As you might have guessed, I am not a software engineer and my understanding of the topic is quite limited.

 

Any help is appreciated

6 REPLIES

First, you need to upgrade each person's OAuth 1.0a access token and access token secret to an OAuth 2.0 access token and refresh token. Instructions for that are at https://dev.fitbit.com/docs/oauth2/#migrating-from-oauth-1-0a .

 

Then, to make requests, you can do what you are currently doing. With OAuth 2.0, you only need the person's access token to make an API request. The "Authorization" header is a value of "Bearer " and the OAuth 2.0 access token. An example of an OAuth 2.0 API request is at https://dev.fitbit.com/docs/oauth2/#making-requests .

 

Unlike OAuth 1.0a access tokens, OAuth 2.0 access tokens expire regularly. Your app has to refresh them. This process is described at https://dev.fitbit.com/docs/oauth2/#refreshing-tokens .


Hi Jeremiah

 

Thx for your reply. I found this similar post: https://community.fitbit.com/t5/Web-API/Lifetime-Access-Tokens-for-Command-Line-Tools/m-p/1141477/hi...

and followed the steps.

 

Authorization works and I get the code

 

But when I try to do the "access token request" it always says: "this request must use the HTTPS protocol"

Any idea why this happens? 

Best 

Robin


@RobinKu You need to use https:// instead of http://

 

Andrew | Community Moderator, Fitbit

What motivates you?


I do use https and I still get this error message!


@sdfe Can you show me the request you're making?

Andrew | Community Moderator, Fitbit

What motivates you?


I assume it is too late for @RobinKun, but for people who are facing this error message: I just ran into it, and it has nothing to do with HTTPS. In my case it is due to a double slash in the URL.

 

This request works:

https://api.fitbit.com/1/user/-/body/log/weight/date/2017-08-15/2017-09-04.json

This one returns the "this request must use the HTTPS protocol" error message:

https://api.fitbit.com/1/user/-/body/log/weight//date/2017-08-15/2017-09-04.json

It occurs wherever the doubled slash is:

https://api.fitbit.com/1/user//-/body/log/weight/date/2017-08-15/2017-09-04.json

 

It would be nice if that could be fixed; it can lead to a massive loss of time for Fitbit's API integrators.

 

Hope it will help!

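Added example, not part of any post in this thread and not Fitbit's code: a Python sketch that builds the request URL from path segments so a doubled slash cannot slip in, refuses anything that is not https before attaching the "Bearer " access token described above, and only constructs the request without sending it. The function names are hypothetical, and the access token is assumed to be supplied by the caller from wherever it is stored.

```python
import urllib.request
from urllib.parse import quote, urlsplit

API_BASE = "https://api.fitbit.com"  # host as it appears in the URLs quoted in this thread


def check_url(url):
    """Return url unchanged if a bearer token may be sent to it, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"not an absolute https URL: {url!r}")
    if "//" in parts.path:
        # The thread shows this case reported as an HTTPS error; name it correctly here.
        raise ValueError(f"doubled slash in path: {parts.path!r}")
    return url


def build_url(*segments, base=API_BASE):
    """Join path segments with exactly one '/' between them."""
    pieces = []
    for seg in segments:
        # Slashes at the ends of a segment are a joining artifact and are dropped.
        # An empty piece inside means a variable was empty: fail instead of hiding it.
        for piece in str(seg).strip("/").split("/"):
            if not piece:
                raise ValueError(f"empty path segment in {seg!r}")
            pieces.append(quote(piece, safe=""))
    return check_url(base.rstrip("/") + "/" + "/".join(pieces))


def bearer_request(url, access_token):
    """Build (but do not send) a GET request carrying the OAuth 2.0 access token."""
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")
    return urllib.request.Request(
        check_url(url), headers={"Authorization": "Bearer " + access_token}
    )
```

Running `check_url` on a URL assembled elsewhere gives a precise local error for the doubled-slash case before any token leaves the machine.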