OAUTH2.0 Fitbit redirect_uri & callback Url (Invalid redirect_uri value)

ANSWERED

2 Questions

 

1. How to specify multiple Callback URLs while registering app? Are they to be separated by comma?

 

2. Does Fitbit not support extra parameter/s to be sent appended to the callback URL specified? I have a scenario in which I need to pass the user_id of my application user in the callback URL (its value will be dynamic and I cannot register all URLs for all my website users, a few million), and it fails saying wrong redirect_uri. So I suppose Fitbit does not allow additional parameters in the specified URI?

 

I see most other OAuth2.0 implementations giving flexibility to append parameters in redirect_uri to already specified oauth callback url. I guess that would keep compatibility with OAuth 1. Please suggest.

Best Answer
0 Votes
1 BEST ANSWER

Accepted Solutions

@aditya14641 wrote:

2 Questions

 

1. How to specify multiple Callback URLs while registering app? Are they to be separated by comma?


One callback URL per line

 


@aditya14641 wrote:
2. Does Fitbit not support extra parameter/s to be sent appended to the callback URL specified? I have a scenario in which I need to pass the user_id of my application user in the callback URL (its value will be dynamic and I cannot register all URLs for all my website users, a few million), and it fails saying wrong redirect_uri. So I suppose Fitbit does not allow additional parameters in the specified URI?

 

I see most other OAuth2.0 implementations giving flexibility to append parameters in redirect_uri to already specified oauth callback url


Those OAuth 2.0 implementations are not as secure. The "state" parameter is the intended method for applications to achieve this. You specify a "state" string when sending users to the Authorization page. Fitbit will append your state string verbatim in the redirect URI. Your application should verify the state values match and pull whatever dynamic data you need out of it.

 

More information on the "state" parameter:

http://www.thread-safe.com/2014/05/the-correct-use-of-state-parameter-in.html

http://www.twobotechnologies.com/blog/2014/02/importance-of-state-in-oauth2.html

Best Answer
0 Votes
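The accepted answer's approach (keep redirect_uri fixed and carry the per-user value in "state") can be implemented as below. This is an added example, not code from the thread or from Fitbit; the function names, the HMAC-signed state format, the key handling and the `app.example` callback URL are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

# Assumptions for this sketch: names, key handling and the callback URL are constructed.
STATE_KEY = secrets.token_bytes(32)   # server-side secret; load from a secret store in practice
REDIRECT_URI = "https://app.example/fitbit/callback"   # must match the registered callback exactly
AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize"   # endpoint as quoted in the thread

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_state(user_id, session_nonce, now=None):
    """Pack user_id and the browser session's nonce into a signed state string."""
    issued = int(time.time() if now is None else now)
    payload = json.dumps({"uid": user_id, "n": session_nonce, "t": issued}).encode()
    tag = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)

def authorize_url(client_id, scope, state):
    """Dynamic data rides in state; redirect_uri stays the fixed registered value."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})

def read_state(state, session_nonce, max_age=600, now=None):
    """Return the user_id from a returned state, or None if it fails any check."""
    try:
        payload_b64, tag_b64 = state.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except ValueError:
        return None                      # wrong shape or not valid base64
    expected = hmac.new(STATE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # altered, or not issued by this server
    data = json.loads(payload)           # parsed only after the signature checks out
    if not hmac.compare_digest(data["n"].encode(), session_nonce.encode()):
        return None                      # issued for a different browser session
    current = time.time() if now is None else now
    if current - data["t"] > max_age:
        return None                      # stale authorization attempt
    return data["uid"]
```

The signature protects integrity only: the state string is visible in the browser's address bar, so it should carry an identifier such as user_id and nothing secret.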

Hi,

 

I am appending "state" parameter only to my authorization URL.

So my authorization url looks like :

 

https://www.fitbit.com/oauth2/authorize?response_type=code&scope=activity+heartrate+location+nutriti..._url_encoded}&state={user_id_specific_to_my_application}

 

However, Fitbit does not seem to validate it and still throws the following error:

Developer information: invalid_request - Invalid redirect_uri parameter value

Best Answer
0 Votes

Hi.

 

I have the same issue. I recently migrated my app connection with Fitbit to OAuth 2.0. It was working fine a few days back but now it has stopped working.

 

In the URL below you can see what URL I am trying to include as request_uri. It's exactly the same one that I defined in the app settings, "http://perkit.eu/fitbit/connect", in http://dev.fitbit.com, but the error is still there.

 

https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=229ndz&redirect_uri=http%3a%2f%...

 

Best Answer
0 Votes

@aditya14641: It looks like you're missing a client_id in your example.

Best Answer
0 Votes

@perkit: I replied in your other topic, but just in case: the client id is case sensitive. Your client id should be 229NDZ.

Best Answer
0 Votes

1. How to specify multiple Callback URLs while registering app? Are they to be separated by comma?

 

How to solve this issue?

When we select the client and pass the callback URL, we get profile data but do not get friends data.

When we select the server and put the callback URL https://oauth.io/auth, we get friends data.

So how is it possible to get both sets of data for a single selection?

 

Best Answer
0 Votes