
How do you compute the OAuth signature?

ANSWERED

I have successfully followed the steps A-G on the page

https://dev.fitbit.com/apps/oauthtutorialpage

I have also watched the YouTube video which walks you through this process.

What I don't understand is how the tutorial page is generating the signature.

I understand it is signed with "${Client (Consumer) Secret}" || "&" || "${Access Token Secret:}"

But how do you generate the signature from this?

I can use the CURL generated from this tutorial page just fine, but I have no idea how to translate that into the code I need to write for my Smart Things Driver, which is written in Groovy.

Best Answer
0 Votes

We don't recommend trying to do this on your own. Use an existing Java or Groovy library such as scribe-java or oauth-signpost. They will make this process a lot easier for you and avoid a lot of common headaches with signing in OAuth 1.0.

Best Answer
0 Votes

I have found these libraries but am not sure how to use them in Groovy. Being new to Groovy and OAuth makes it difficult.

Do I have to use these libraries to emulate every step in the tutorial, or just the last step since I now have permanent keys?

Another aspect I don't completely understand is that I have to sign using my client secret key. I think this means I need to hard-code this key in my app. But in my case, with Smart Things, I can only share with others by exposing my source code. So how do I keep the "secret" key secure?

Looking for some Groovy examples if you know of any. I keep finding Java examples but not Groovy.

Best Answer
0 Votes

I'll give you a quick example of something I have; please don't take this as the correct way of doing it.

```groovy
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.7')
@Grab(group='oauth.signpost', module='signpost-core', version='1.2.1.2')
@Grab(group='oauth.signpost', module='signpost-commonshttp4', version='1.2.1.2')

import oauth.signpost.basic.*

// Consumer key and secret issued for the registered app (placeholders here)
consumer = new DefaultOAuthConsumer('key', 'secret');

// Request token, access token and authorization endpoints, in that order
provider = new DefaultOAuthProvider(
                 "https://api.fitbit.com/oauth/request_token",
                 "https://api.fitbit.com/oauth/access_token",
                 "https://www.fitbit.com/oauth/authorize"
);

// Fetches a request token and returns the URL the user opens to authorize the app
String url = provider.retrieveRequestToken(consumer, "http://myCallbackUrl/");

System.out.println url;
```

The library can help you get the tokens and make the actual OAuth1 signed requests against the Fitbit API. You will need to store the tokens in some way.

Best Answer
0 Votes

Thanks Dan. Just to clarify, I only need to use the part you posted if I want to regenerate my permanent keys in code. I had already generated them. I only need to build code to send the request at this point.

Or do I need to use the code you posted every time?

Best Answer
0 Votes

Turns out SmartThings doesn't support importing libraries and they support only OAuth 2. I see that Fitbit is planning on moving to OAuth 2 sometime in the future. So hopefully I can implement this soon.

Best Answer
0 Votes
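What an OAuth 1.0 signing library computes for the key described in the question, as an added example that is not code from any poster in this thread or from Fitbit. It assumes the HMAC-SHA1 signature method; the endpoint URL, key and token values and the environment variable names are constructed placeholders.

```groovy
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import java.security.SecureRandom

// Percent-encode as OAuth 1.0 requires: only A-Z a-z 0-9 - . _ ~ stay literal.
String enc(String s) {
    URLEncoder.encode(s, 'UTF-8').replace('+', '%20').replace('*', '%2A').replace('%7E', '~')
}

// HMAC-SHA1 signature over method, base URL (no query string) and all request parameters.
String sign(String method, String baseUrl, Map<String, String> params,
            String consumerSecret, String tokenSecret) {
    // Encode each name and value, sort by name then value, join as name=value pairs.
    String normalized = params.collect { k, v -> [enc(k), enc(v)] }
            .sort { a, b -> a[0] <=> b[0] ?: a[1] <=> b[1] }
            .collect { it[0] + '=' + it[1] }
            .join('&')
    String baseString = [method.toUpperCase(), enc(baseUrl), enc(normalized)].join('&')
    // The key from the question: consumer secret, "&", token secret (each percent-encoded).
    String key = enc(consumerSecret) + '&' + enc(tokenSecret)
    Mac mac = Mac.getInstance('HmacSHA1')
    mac.init(new SecretKeySpec(key.getBytes('UTF-8'), 'HmacSHA1'))
    mac.doFinal(baseString.getBytes('UTF-8')).encodeBase64().toString()
}

// Secrets come from the environment (hypothetical variable names), not from shared source;
// the fallbacks are constructed sample values so the script runs as-is.
String consumerSecret = System.getenv('OAUTH_CONSUMER_SECRET') ?: 'constructed-consumer-secret'
String tokenSecret    = System.getenv('OAUTH_TOKEN_SECRET') ?: 'constructed-token-secret'

String url = 'https://api.example.com/1/resource.json'   // placeholder endpoint
Map<String, String> params = [
    oauth_consumer_key    : 'constructed-consumer-key',
    oauth_token           : 'constructed-access-token',
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp       : String.valueOf(System.currentTimeMillis().intdiv(1000)),
    oauth_nonce           : new BigInteger(130, new SecureRandom()).toString(32),
    oauth_version         : '1.0'
]   // any query-string or form parameters of the request must be added here too
params.oauth_signature = sign('GET', url, params, consumerSecret, tokenSecret)

// Authorization header carrying the signed parameters.
println('OAuth ' + params.collect { k, v -> "${enc(k)}=\"${enc(v)}\"" }.join(', '))
```

Only JDK and Groovy built-ins are used. The signature changes on every request because the timestamp and nonce are part of the signed base string.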