Make.com OAuth2 Integration

Hey everyone,

Really hoping that someone can help me with this as I've tried for a week, with various searches, attempts and even ChatGPT but failing! 

I'm building a personal use app to scan NFCs for water intake logging and food tracking, and trying to set up an HTTP request OAuth2 via Make.com (formerly Integromat) to enable this. I can make it work when I give Make.com an Authorization Bearer token, but I can't generate one and pass the OAuth2 process manually.

I'm consistently coming up against this error message when it tries to connect:

{"message":"The request failed due to failure of a previous request.","code":"SC424","suberrors":[{"message":"{\"errors\":[{\"errorType\":\"invalid_client\",\"message\":\"Invalid authorization header format. The header was not recognized to be a valid header for any of known implementations or a client_id was not specified in case of a public client Received header = null. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process.\"}],\"success\":false}","name":"Error"}]}

The info required to put in is below and I've indicated what I put (if I know!):

  • Authorize URI - https://www.fitbit.com/oauth2/authorize
  • Token URI - https://api.fitbit.com/oauth2/token
  • Scope - I only need 'nutrition'
  • Scope separator - SPACE
  • Client ID - From my app
  • Client secret - From my app
  • Authorize parameters (Key and value) - ???
  • Access token parameters (multiple items, key and value) - ???
  • Refresh token parameters (multiple items, key and value) - ???
  • Custom Headers (multiple items, key and value)
  • Token placement - In the header
  • Header token name - Bearer

Can someone please help me out? I'm struggling with the API documentation given that it's going into a platform and not into code!

0 Votes
3 REPLIES

It works just fine, but unfortunately most of the available libraries and code out there are outdated and cannot be utilized! I also struggled for about a month to implement my own OAuth client using ReactJS integrated with Firebase and Google Cloud. There is the Google DeviceConnect project that works perfectly, but as designed it only runs on Google Cloud services, and setting it up involves handling lots of services, technologies and different coding environments.

Having said that, I've now found some updated projects that work fine. In particular I've tested this one, lokanx/fitbit-oauth2-client; though it's not a complete solution and many API endpoints need to be implemented, it's very well structured and straightforward, so finishing the missing parts should not be a problem, just repeating what has been done for other endpoints, at least if you are comfortable using TypeScript or even JavaScript. It is written in TypeScript using mainly Express, and the env is well configured, so it's fairly easy to run it in Docker.

Warm regards,
Arman Radmanesh
0 Votes

To clarify further: if you are developing a Personal application type, the process using the Implicit Grant Flow is easier. To get a sense of how you can do it manually, read the documentation again and check the oauth2-tutorial. For the Personal type, just fill in your Client ID and omit the "Client secret"; the PKCE "code verifier", "code challenge" and "state" are also not required. So here you have your "client id"; you should define a "redirect_uri" and pass it in your request arguments along with the "scope" field. Pay attention to the response_type=token argument: this means you will get back an access_token, which you should use in your future requests.

So you make a request to

https://www.fitbit.com/oauth2/authorize?response_type=token
    &client_id=<client ID>
    &redirect_uri=<your_redirect_uri>
    &scope=nutrition

You can simply replace the values and paste it in your browser address bar. It will redirect back to the URI you provided; don't worry if it doesn't work! Pay attention to the address that it redirects to. There you will see an access_token=xxxxxx in the redirected address. This is your token.

For the next part, just add this header to your API request: "Authorization: Bearer <access_token>". For example, run this command in the console or terminal.

curl -i -H "Authorization: Bearer <access_token>"  \
 https://api.fitbit.com/1/user/-/profile.json

If your scope only contains nutrition, this will return an error. So for practice, just add profile to your scope.

Hope this helps.

Warm regards,
Arman Radmanesh
0 Votes
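The Implicit Grant steps in the reply above, as an added example that is not part of the original post or of any Fitbit or Make.com code. The client ID, redirect URI and the redirected address are constructed placeholders, and the fragment layout follows the RFC 6749 implicit response.

```javascript
// Added example. Constructed sample of the address the browser lands on after consent.
const SAMPLE_REDIRECT =
  'https://localhost/callback#access_token=xxxxxx&scope=nutrition+profile&token_type=Bearer&expires_in=86400';
const AUTHORIZE_URI = 'https://www.fitbit.com/oauth2/authorize';

// Build the authorize URL with every parameter percent-encoded.
function buildAuthorizeUrl(clientId, redirectUri, scopes) {
  const url = new URL(AUTHORIZE_URI);
  url.searchParams.set('response_type', 'token');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('scope', scopes.join(' '));
  return url.toString();
}

// Pull the token out of the URL fragment of the redirected address.
// The fragment stays in browser history, so treat the whole address as a secret.
function parseImplicitRedirect(redirectedUrl, expectedRedirectUri) {
  const url = new URL(redirectedUrl);
  if (url.origin + url.pathname !== expectedRedirectUri) {
    throw new Error('redirect landed on an unexpected URI');
  }
  const frag = new URLSearchParams(url.hash.slice(1));
  if (frag.has('error')) throw new Error('authorization failed: ' + frag.get('error'));
  const accessToken = frag.get('access_token');
  if (!accessToken) throw new Error('no access_token in the redirect fragment');
  return {
    accessToken,
    tokenType: frag.get('token_type'),
    scopes: (frag.get('scope') || '').split(' ').filter(Boolean),
    expiresIn: Number(frag.get('expires_in')),
  };
}

// Header for an API call; refuses early when the needed scope was not granted
// (the profile call in the reply needs "profile", not just "nutrition").
function bearerHeaderFor(grant, neededScope) {
  if (!grant.scopes.includes(neededScope)) {
    throw new Error('token lacks scope: ' + neededScope);
  }
  return { Authorization: 'Bearer ' + grant.accessToken };
}
```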

Hi @trelluf 

I'm not familiar with Make.com but it should work. Based on the error you are receiving, it reads like you have a syntax problem.

{"message":"The request failed due to failure of a previous request.","code":"SC424","suberrors":[{"message":"{\"errors\":[{\"errorType\":\"invalid_client\",\"message\":\"Invalid authorization header format. The header was not recognized to be a valid header for any of known implementations or a client_id was not specified in case of a public client Received header = null. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process.\"}],\"success\":false}","name":"Error"}]}

Can you tell me which endpoint call is giving you this error? Please provide me the complete syntax including the parameters and the headers.

Thanks!

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
0 Votes
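For reference when checking the headers asked about above, an added example (not from the thread, Fitbit or Make.com) of a token request that carries client credentials as HTTP Basic authentication per RFC 6749 section 2.3.1, plus a check for the header a client is about to send. It assumes a confidential client using the authorization code grant; the client ID, secret and code are constructed placeholders.

```javascript
// Added example. All credential values passed in are placeholders.
const TOKEN_URI = 'https://api.fitbit.com/oauth2/token';

// "Basic " + base64(client_id:client_secret). Never log this value: it holds the secret.
function basicAuthHeader(clientId, clientSecret) {
  return 'Basic ' + Buffer.from(clientId + ':' + clientSecret, 'utf8').toString('base64');
}

// Shape of the token request: credentials in the header, grant in the form body.
function buildTokenRequest(clientId, clientSecret, code, redirectUri) {
  return {
    method: 'POST',
    url: TOKEN_URI,
    headers: {
      Authorization: basicAuthHeader(clientId, clientSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
    },
    body: new URLSearchParams({
      grant_type: 'authorization_code',
      code: code,
      redirect_uri: redirectUri,
    }).toString(),
  };
}

// Classify the Authorization header of an outgoing token request.
// 'missing' is the situation the quoted error reports as "Received header = null".
function diagnoseAuthHeader(headers, clientId) {
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'authorization');
  if (!name) return 'missing';
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(headers[name]);
  if (!m) return 'not-basic';
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return 'no-colon';
  return decoded.slice(0, sep) === clientId ? 'ok' : 'wrong-client-id';
}
```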