
OAuth 1.0a - Invalid Signature during request token (Titanium)

I am using Titanium (Appcelerator) to connect to Fitbit API. (http://www.appcelerator.com)

 

I have been facing the issue of getting "Invalid Signature" when I am trying to request a token.

 

I'm using HTTPClient from Titanium.Network.HTTPClient class to send the HTTP Request.

I also use the oauth-1.0a.js library from https://github.com/ddo/oauth-1.0a to assist in getting the nonce and signature value.

 

Here is the code:

Ti.include('/oauth/ddo/hmac-sha1.js');
Ti.include('/oauth/ddo/enc-base64-min.js');
Ti.include('/oauth/ddo/oauth-1.0a.js');


function FitBitAuth() {
    FitBitAuth.signatureMethod = "HMAC-SHA1";
    FitBitAuth.clientKey = 'XXXXXXXXXXXXXXXXXXXXXXXXX';
    FitBitAuth.clientSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXX';
    FitBitAuth.nonce = "R@nD0m_$tR!nGss";
    FitBitAuth.request_token_url = "https://api.fitbit.com/oauth/request_token";
    FitBitAuth.callback_url = "http://www.fitbit.com";
}

FitBitAuth.prototype.createConsumerTokenSecretPair = function() {
    return OAuth({
        consumer : {
            public : FitBitAuth.clientKey,
            secret : FitBitAuth.clientSecret
        },
        signature_method : FitBitAuth.signatureMethod
    });
};

FitBitAuth.prototype.getRequestTokenRequestData = function() {
    return {
        url : "https://api.fitbit.com/oauth/request_token",
        method : 'POST'
    };
};

FitBitAuth.prototype.requestToken = function() {
    var oauth = this.createConsumerTokenSecretPair();
    var request_data = this.getRequestTokenRequestData();
    var authorized_request = oauth.authorize(request_data, '', FitBitAuth.nonce, FitBitAuth.timestamp);
    //alert(authorized_request);
    return authorized_request;
};

function auth1a() {
    var fb = new FitBitAuth();
    var rt = fb.requestToken();
    var req = Ti.Network.createHTTPClient();
    req.open("POST", FitBitAuth.request_token_url);
    req.setRequestHeader('Authorization', 'OAuth oauth_consumer_key="'+FitBitAuth.clientKey+'"');
    Ti.API.info(rt);
    req.send({
        oauth_timestamp : rt.oauth_timestamp,
        oauth_nonce : rt.oauth_nonce,
        oauth_signature : encodeURIComponent(rt.oauth_signature),
        oauth_signature_method: rt.oauth_signature_method,
        oauth_callback : encodeURIComponent(FitBitAuth.callback_url),
        oauth_version : rt.oauth_version
    });
    req.onload = function() {
        var json = this.responseText;
        Ti.API.info("HEADER =====================");
        Ti.API.info(req.getAllResponseHeaders());
        Ti.API.info("END HEADER =================");
        Ti.API.info(json);
        var response = JSON.parse(json);
        //alert(response);
    };
}

 

I have also tried the Fitbit API Debug tool to assist me in getting the signature right; in fact, the signature and base string do match the ones shown by the Fitbit API Debug Tool.

 

However, I keep getting this Invalid Signature; a sample JSON return is shown below:

 

{"errors":[{"errorType":"oauth","fieldName":"oauth_signature","message":"Invalid signature: rN**ahem**SGJmFwHp6C38%2F3rMKEe6ZM%3D"}],"success":false}

I have also already tested doing it the `curl` way and it works from Terminal, but it does not give me a success from Titanium.

 

 

Any help is appreciated.

Best Answer
0 Votes
1 REPLY 1

Edit: We've fixed the issue below by setting our client to use the OAuth 1.0a specification instead of 1.0.

 

------

For a few days now, our OAuth client has been returning a validation error:

 

oauth.signpost.exception.OAuthNotAuthorizedException: Authorization failed (server replied with a 401). This can happen if the consumer key was not correct or the signatures did not match.

Is there any backward compatibility issue with OAuth1 at the moment?

----

 

Best,

 

Adrien

 

Best Answer
0 Votes
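
The signing rules at issue in this thread, as an added example that is not code from either poster or from the oauth-1.0a.js library: it follows RFC 5849 (OAuth 1.0a) for a request_token call and shows, from the server's side, why a signature is rejected when oauth_callback is attached after signing or when the signature is percent-encoded twice. The consumer key, secret, nonce and timestamp are constructed values, and the helper names (pct, baseString, sign, verify, check) are illustrative.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding, as RFC 5849 section 3.6 requires.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
function baseString(method, url, params) {
  const normalized = Object.keys(params)
    .filter(k => k !== 'oauth_signature')
    .map(k => [pct(k), pct(params[k])])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0)) // object keys are unique
    .map(([k, v]) => k + '=' + v)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(normalized)].join('&');
}

// HMAC-SHA1 over the base string; the token secret is empty at the request_token step.
function sign(method, url, params, consumerSecret, tokenSecret = '') {
  const key = pct(consumerSecret) + '&' + pct(tokenSecret);
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params)).digest('base64');
}

// Server-side view: recompute over every parameter received, compare in constant time.
function verify(method, url, received, consumerSecret) {
  const want = Buffer.from(sign(method, url, received, consumerSecret));
  const got = Buffer.from(String(received.oauth_signature || ''));
  return want.length === got.length && crypto.timingSafeEqual(want, got);
}

// Constructed sample values (not real credentials).
const URL_RT = 'https://api.fitbit.com/oauth/request_token';
const SECRET = 'constructed-consumer-secret';
const signedSet = { oauth_consumer_key: 'constructed-key', oauth_nonce: 'n0nce123',
  oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: '1400000000', oauth_version: '1.0' };
const callback = { oauth_callback: 'http://www.fitbit.com' };

// Case 1: callback attached after signing, so the signed set differs from the sent set.
const late = { ...signedSet, oauth_signature: sign('POST', URL_RT, signedSet, SECRET), ...callback };
// Case 2 (1.0a): callback is part of the signed set.
const full = { ...signedSet, ...callback };
full.oauth_signature = sign('POST', URL_RT, full, SECRET);
// Case 3: signature encoded twice; after one decode the server still sees %2F / %3D.
const doubled = { ...full, oauth_signature: pct(full.oauth_signature) };

const check = p => verify('POST', URL_RT, p, SECRET);
console.log(check(late), check(full), check(doubled)); // false true false
```

When a server echoes the rejected signature with `%2F` or `%3D` still in it, as in the error message quoted in the question, compare the decoded value against the locally computed one before looking anywhere else.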