The redirect_uri / callback URL can be local to your network. Fitbit sends the redirect response and the client then requests the URL, so you're fine as long as your client can access the URI.

If it's a Node app, it's a server app.

---

@SunsetRunner wrote:

I set it up as a server app (didn't setup any subscribers).  I then went to the O Auth 2.0 Tutorial page and filled in the information that builds the link.  I used Implicit Grant flow and then clicked on the link.  I then get the following error:

Developer information: unauthorized_client - The client is not authorized to request an access token using this method.

---

Implicit Grant Flow is a public client app flow. If you have a server app, you must use the Authorization Code Grant Flow.

---

@SunsetRunner wrote:

Ok - I got the CURL command and ran it.  Everything looks great!  In order for me to use this, do I have to create a Subscriber account?

---

You only need to create a Subscriber if you want to use the Subscriptions API.

I am also trying to use Node Red and the apis. I can't seem to get by correct tokens.  I have tried to follow the OAuth 2.0 tutorial page, and I get down to 1A Get Code, I see the CURL and use Hurl.it and receive an error

"errors": [
{
"errorType": "invalid_client",
"message": "Invalid authorization header format. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
}
],
"success": false

I created the application as a Server and am trying to use the Authorization Code Flow. What am I doing wrong?

@OhioSkier You probably have to add the "Authorization: Basic {token}" header back, for some reason it gets removed when you click "Send to Hurt.it".

You can see the example I have in a different thread.

I still could not get Hurl to work with your suggestions.

Someone suggested that I copy the curl and use the bash shell, that did work (it would be nice if your tutorial page worked). I was able to get to step 3 in the OAuth 2.0 tutorial page. Progress I thought. I copy the key from Step 3 and over to NodeRed.  In the Node component I  pasted the key into the key field and the Client Secret from my register app page in to the secret key. I pressed the Authenticate with FitBit and no joy 😞 Here is the error received.

Something went wrong with the authentication process. The following error was returned:

401: {"errors":[{"errorType":"oauth","fieldName":"oauth_consumer_key","message":"Invalid consumer key: KEY FROM STEP3"}],"success":false}

One known cause of this type of failure is if the clock is wrong on system running Node-RED.

The version of NodeRed is on IBM BlueMix.  Any ideas from here?

After talking with someone at work, it turns out the Fitbit components for NodeRed are pre-oAuth 2. Bummer!

Thanks for your help, I understand how to use the code to make the call for the oAuth Token and will incorporate that into my coding rather than relying on the components to do the work.

It look like not at this time.  The folks that wrote the components for Node Red have know since 2015 that there was an issue with oAuth 2. I have been trying to use functions in Node Red to do what the components should do, but no joy for me yet. More work.