08-18-2015 03:39 - edited 08-18-2015 03:46
Hi,
I followed the instructions at https://dev.fitbit.com/docs/oauth2/ and the document says:
"The Authorization header should be set to Basic followed by a space and a Base64 encoded string of your application's client id and secret concatenated with a colon."
As far as I know, the client id is "OAuth 2.0 Client ID" and the secret is "Client (Consumer) Secret" in "Applications I registered". However, the client ID is 6 characters long and the client secret is 32 characters long, and I received a Base64 encoded string without an equal sign at the end.
For example:
Client ID = 123ABC
Client Secret = 12345678901234567890123456789012
The output of
base64.b64encode(b"123ABC:12345678901234567890123456789012")
is
MTIzQUJDOjEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEy
I made a request from command line (Ubuntu 14.04 OS)
curl -X POST -i -H 'Authorization: Basic the_string_encoded_base64' -H 'Content-Type: application/x-www-form-urlencoded' -d 'client_id=my_client_id&grant_type=authorization_code&redirect_uri=my_return_uri&code=my_received_code' https://api.fitbit.com/oauth2/token
and got an error
{"errors":[{"errorType":"oauth","fieldName":"authorization","message":"Invalid authorization header. Client secret invalid"}],"success":false}
I checked my OAuth 2.0 Client ID and Client (Consumer) Secret many times, and also the result at https://www.base64encode.org/.
Please show me where I went wrong, because I am very new to the Fitbit API.
Thanks.
Accepted Solutions
08-18-2015 04:01
Oh my dump, there's nothing wrong with you. It's my failure.
I wrote
tmp_str = fitbit_oauth_20_client_id + ":" + "fitbit_client_consumer_secret"
instead of
tmp_str = fitbit_oauth_20_client_id + ":" + fitbit_client_consumer_secret
Sorry. 😛

08-19-2015 12:49
Also had a similar problem where tmp_str after the base64 concatenation did not have an = at the end. Solved it by: temp_str + "="

08-24-2015 10:17
@George_Mujuru wrote:
Also had a similar problem where tmp_str after the base64 concatenation did not have an = at the end. Solved it by: temp_str + "="
That's not correct. The '=' character should only be added if it's truly part of the Base64 encoding.
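
Added example (not part of the original thread and not Fitbit's code): whether the Base64 value ends in "=" depends only on the byte length of client_id:client_secret modulo 3, which this Python code shows with the sample values from the first post. The helper names and the result labels returned by diagnose() are assumptions made for illustration.

```python
import base64
import binascii
import hmac

# Sample credentials quoted in the first post (not real secrets).
CLIENT_ID = "123ABC"
CLIENT_SECRET = "12345678901234567890123456789012"


def _raw(client_id: str, client_secret: str) -> bytes:
    return f"{client_id}:{client_secret}".encode("utf-8")


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Authorization value: 'Basic ' + Base64 of 'client_id:client_secret'."""
    return "Basic " + base64.b64encode(_raw(client_id, client_secret)).decode("ascii")


def expected_padding(client_id: str, client_secret: str) -> int:
    """Count of trailing '=': set only by the input byte length modulo 3."""
    return (3 - len(_raw(client_id, client_secret)) % 3) % 3


def diagnose(header: str, client_id: str, client_secret: str) -> str:
    """Classify a header against the real credentials without echoing the secret."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic" or not token:
        return "bad-scheme"
    if len(token) % 4 != 0:  # a hand-appended or stripped '=' lands here
        return "bad-padding"
    try:
        decoded = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if hmac.compare_digest(decoded, _raw(client_id, client_secret)):
        return "ok"
    got_id = decoded.partition(b":")[0]
    return "wrong-secret" if got_id == client_id.encode("utf-8") else "wrong-client-id"


if __name__ == "__main__":
    good = basic_auth_header(CLIENT_ID, CLIENT_SECRET)  # 39 bytes, so no '='
    quoted = basic_auth_header(CLIENT_ID, "fitbit_client_consumer_secret")
    print(expected_padding(CLIENT_ID, CLIENT_SECRET), diagnose(good, CLIENT_ID, CLIENT_SECRET))
    print(diagnose(good + "=", CLIENT_ID, CLIENT_SECRET))  # bad-padding
    print(diagnose(quoted, CLIENT_ID, CLIENT_SECRET))      # wrong-secret
```

The "wrong-secret" case reproduces the accepted solution's bug, where the variable name was quoted and sent as the literal secret; that header is well-formed Base64, so only the server-side comparison rejects it.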

08-24-2015 10:25
@JeremiahFitbit It was truly base64 encoded. The reason that I say this is because when I used your example values for the client id : client secret and base64 encoded them, I got a base64 encoded value with an "=" at the end; however, if I used my values I would not get a base64 encoded value.
My code below
BASE64Encoder encoder = new BASE64Encoder();
String concatinate = CLIENT_ID + ":" + CLIENT_SECRET;
String concate = encoder.encode(concatinate.getBytes());

01-13-2016 21:30
tmp_str = fitbit_oauth_20_client_id + ":" + "fitbit_client_consumer_secret"
instead of
tmp_str = fitbit_oauth_20_client_id + ":" + fitbit_client_consumer_secret
Actually I don't understand which is the fitbit_client_consumer_secret.
If possible, please let me know about it.
Thanks and Best wishes

01-13-2016 21:43
Your client secret can be found in your app settings at https://dev.fitbit.com/apps

01-13-2016 21:48 - edited 01-13-2016 21:53
Client id means: e-mail address.
Client secret means ... ????
Where can I find the data from the secret?
Have a great day and Thanks and Best wishes

01-13-2016 22:06
OK got it.
Thanks and Best wishes

01-29-2018 21:29 - edited 01-29-2018 21:44
Is that "=" sign important in the authorization header part after the client id and client secret? When I encode my client_id and client_secret in base64 the "=" sign never appears, so I am a little bit confused about that. If you have any solutions for this, please let me know; it will help me a lot.
Thanks.

01-29-2018 21:35
@Navindas you can check at https://www.base64encode.org/ and compare the result with the base64 output that your application produces. "=" at the end is not always the case, but I've seen "=" or even "==" for most of the basic tokens.

01-29-2018 22:02 - edited 01-29-2018 22:10
@IoanbsuFitbit The result is the same both ways: there is no equal sign for my client_id and client_secret after they get encoded in base64, both in my application and on the website https://www.base64encode.org/ which you referred me to. But I am getting an error after hitting this url "https://api.fitbit.com/oauth2/token" and the error is "Error : unsupported url". Where am I going wrong?
Here is my code
NSMutableString *urlString = [NSMutableString string];
[urlString appendString:Fitbit_Access_Token_URL];
NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc]init];
[urlRequest setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
//Token Authorization Header Part
// NSLog(@"Nourish Utils authoriztion of token : %@",[token_Authorization]);
NSString *tokenString = [@[Fitbit_Client_ID,Fitbit_Client_Secret] componentsJoinedByString:@":"];
NSData *data = [tokenString dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64 = [data base64EncodedStringWithOptions:0];
NSLog(@"Encoded string : %@",base64);
[urlRequest setValue:[NSString stringWithFormat:@"Basic %@",base64] forHTTPHeaderField:@"Authorization"];
//////
//Token Body Parameter Part
NSMutableString *token_Parameters = [NSMutableString string];
[token_Parameters appendString:@"grant_type=refresh_token&"];
[token_Parameters appendFormat:@"refresh_token=%@",[[NSUserDefaults standardUserDefaults]valueForKey:@"fitbit_access_token"]];
//////
urlRequest.HTTPBody = [token_Parameters stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
urlRequest.HTTPMethod = @"POST";
Please let me know if I am going wrong somewhere in the above code.
Thanks.

01-29-2018 22:15 - edited 01-29-2018 22:16
I got it. I didn't set the urlrequest, that's why I am getting the error. So it was my fault.
Sorry.
wrote:
@IoanbsuFitbit The result is the same both ways: there is no equal sign for my client_id and client_secret after they get encoded in base64, both in my application and on the website https://www.base64encode.org/ which you referred me to. But I am getting an error after hitting this url "https://api.fitbit.com/oauth2/token" and the error is "Error : unsupported url". Where am I going wrong?
Here is my code
NSMutableString *urlString = [NSMutableString string];
[urlString appendString:Fitbit_Access_Token_URL];
NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc]init];
[urlRequest setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
//Token Authorization Header Part
// NSLog(@"Nourish Utils authoriztion of token : %@",[token_Authorization]);
NSString *tokenString = [@[Fitbit_Client_ID,Fitbit_Client_Secret] componentsJoinedByString:@":"];
NSData *data = [tokenString dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64 = [data base64EncodedStringWithOptions:0];
NSLog(@"Encoded string : %@",base64);
[urlRequest setValue:[NSString stringWithFormat:@"Basic %@",base64] forHTTPHeaderField:@"Authorization"];
//////
//Token Body Parameter Part
NSMutableString *token_Parameters = [NSMutableString string];
[token_Parameters appendString:@"grant_type=refresh_token&"];
[token_Parameters appendFormat:@"refresh_token=%@",[[NSUserDefaults standardUserDefaults]valueForKey:@"fitbit_access_token"]];
//////
---> [urlRequest setURL:[NSURL URLWithString:urlString]]; <-----
urlRequest.HTTPBody = [token_Parameters stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
urlRequest.HTTPMethod = @"POST";
Please let me know if I am going wrong somewhere in the above code.
Thanks.

