06-15-2015 13:54 - edited 06-15-2015 15:16
2 Questions
1. How to specify multiple Callback URLs while registering app? Are they to be separated by comma?
2. Does Fitbit not support extra parameter/s to be sent appended to callback URL specified? I have a scenario in which I need to pass user_id (whose value will be dynamic & I cannot register all URLs for all my website users, a few millions) of my application user in the callback URL and it fails saying wrong redirect_uri. So I suppose Fitbit does not allow additional parameter in specified URI?
I see most other OAuth 2.0 implementations giving flexibility to append parameters in redirect_uri to already specified OAuth callback URL. I guess that would keep compatibility with OAuth 1. Please suggest.
Accepted Solutions
06-15-2015 15:21
@aditya14641 wrote:
2 Questions
1. How to specify multiple Callback URLs while registering app? Are they to be separated by comma?
One callback URL per line
@aditya14641 wrote:
2. Does Fitbit not support extra parameter/s to be sent appended to callback URL specified? I have a scenario in which I need to pass user_id (whose value will be dynamic & I cannot register all URLs for all my website users, a few millions) of my application user in the callback URL and it fails saying wrong redirect_uri. So I suppose Fitbit does not allow additional parameter in specified URI?
I see most other OAuth 2.0 implementations giving flexibility to append parameters in redirect_uri to already specified OAuth callback URL
Those OAuth 2.0 implementations are not as secure. The "state" parameter is the intended method for applications to achieve this. You specify a "state" string when sending users to the Authorization page. Fitbit will append your state string verbatim in the redirect URI. Your application should verify the state values match and pull whatever dynamic data you need out of it.
More information on the "state" parameter:
http://www.thread-safe.com/2014/05/the-correct-use-of-state-parameter-in.html
http://www.twobotechnologies.com/blog/2014/02/importance-of-state-in-oauth2.html
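
Added example (not part of the original reply and not Fitbit's code): one way to carry a user_id in "state" while redirect_uri stays exactly as registered, with the state HMAC-signed and bound to the browser session so the callback can verify it before trusting the user_id. The redirect URI, client id, session dict and key handling are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize"  # endpoint shown in the thread
REDIRECT_URI = "https://app.example/fitbit/callback"  # constructed; must equal the registered URL
STATE_KEY = secrets.token_bytes(32)  # assumption: server-side secret, persisted in a real deployment


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign(payload: str) -> str:
    return b64url(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest())


def make_state(user_id: str, session: dict) -> str:
    """Pack user_id and a one-time nonce into a signed state string."""
    nonce = secrets.token_urlsafe(16)
    session["oauth_nonce"] = nonce  # ties the state to this browser session
    payload = b64url(json.dumps({"uid": user_id, "nonce": nonce}).encode())
    return f"{payload}.{sign(payload)}"


def build_authorize_url(client_id: str, scope: str, state: str) -> str:
    """redirect_uri never varies; the per-user data rides in state."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})


def verify_state(state: str, session: dict) -> str:
    """Return the user_id from the callback's state, or raise ValueError."""
    payload, sep, tag = state.partition(".")
    if not sep or not hmac.compare_digest(tag.encode(), sign(payload).encode()):
        raise ValueError("state signature mismatch")
    data = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    nonce = session.pop("oauth_nonce", None)  # single use: a replayed state fails
    if nonce is None or not hmac.compare_digest(data["nonce"].encode(), nonce.encode()):
        raise ValueError("state does not belong to this session")
    return data["uid"]


if __name__ == "__main__":
    sess = {}  # stand-in for the web framework's session store
    st = make_state("user-42", sess)
    print(build_authorize_url("CLIENT_ID_PLACEHOLDER", "activity heartrate", st))
    print(verify_state(st, sess))
```
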


06-15-2015 15:42 - edited 06-15-2015 15:44
Hi,
I am appending the "state" parameter only to my authorization URL.
So my authorization URL looks like:
https://www.fitbit.com/oauth2/authorize?response_type=code&scope=activity+heartrate+location+nutriti..._url_encoded}&state={user_id_specific_to_my_application}
However, Fitbit does not seem to validate it and still throws the following error:
Developer information: invalid_request - Invalid redirect_uri parameter value

08-30-2016 04:29
Hi.
I have the same issue. I recently migrated my app connection with Fitbit to OAuth 2.0. It was working fine a few days back but now it has stopped working.
In the URL below you can see which URL I am trying to include as request_uri. It's exactly the same as the one I defined in the app settings, "http://perkit.eu/fitbit/connect", at http://dev.fitbit.com, but the error is still there.

09-05-2016 12:31
@aditya14641: It looks like you're missing a client_id in your example.

09-05-2016 12:32
@perkit: I replied in your other topic, but just in case: the client id is case sensitive. Your client id should be 229NDZ.

05-23-2018 05:13
1. How to specify multiple Callback URLs while registering app? Are they to be separated by comma?
How to solve this issue?
When we select the client and pass the callback URL, we get profile data but do not get friends data.
When we select the server and use the callback URL https://oauth.io/auth, we get friends data.
So how is it possible to get both sets of data with a single selection?

