
OAuth 2.0 Access Token Request problem

ANSWERED

Hi,

 

I followed the instructions at https://dev.fitbit.com/docs/oauth2/ and the document said:

 

"The Authorization header should be set to Basic followed by a space and a Base64 encoded string of your application's client id and secret concatenated with a colon."

 

As far as I know, the client id is "OAuth 2.0 Client ID" and the secret is "Client (Consumer) Secret" in "Applications I registered". However, the client ID is 6 characters long and the client secret is 32 characters long, and I received a Base64-encoded string without an equals sign at the end.

 

For example: 

Client ID = 123ABC
Client Secret = 12345678901234567890123456789012

 

The output of

base64.b64encode(b"123ABC:12345678901234567890123456789012")

 is 

MTIzQUJDOjEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEy

 

I made a request from command line (Ubuntu 14.04 OS)

curl -X POST -i -H 'Authorization: Basic the_string_encoded_base64' -H 'Content-Type: application/x-www-form-urlencoded' -d 'client_id=my_client_id&grant_type=authorization_code&redirect_uri=my_return_uri&code=my_received_code' https://api.fitbit.com/oauth2/token

 

and got an error

 

{"errors":[{"errorType":"oauth","fieldName":"authorization","message":"Invalid authorization header. Client secret invalid"}],"success":false}

 

I checked my OAuth 2.0 Client ID and Client (Consumer) Secret many times, and also the result at https://www.base64encode.org/.

 

Please show me where I went wrong, because I am very new to the Fitbit API.

 

Thanks.

 

 

Best Answer
0 Votes

Accepted Solutions

Oh my dump, there's nothing wrong with you. It's my fault.

I wrote

tmp_str = fitbit_oauth_20_client_id + ":" + "fitbit_client_consumer_secret"

instead of

tmp_str = fitbit_oauth_20_client_id + ":" + fitbit_client_consumer_secret

 

Sorry. 😛


Best Answer
0 Votes

Also had a similar problem where tmp_str after the base64 concatenation did not have an = at the end. Solved it by: temp_str + "="

Best Answer
0 Votes

@George_Mujuru wrote:

Also had a similar problem where tmp_str after the base64 concatenation did not have an = at the end. Solved it by: temp_str + "="


That's not correct. The '=' character should only be added if it's truly part of the Base64 encoding.

Best Answer
0 Votes
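The padding rule from the replies above and the quoted-literal bug from the accepted solution, shown as an added example that is not part of the original thread. The function names are hypothetical and the credentials are the placeholder values from the question.

```python
import base64
import binascii


def basic_auth_header(client_id, client_secret):
    """Return the Authorization header value for the token request."""
    if ":" in client_id:
        raise ValueError("client id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def expected_padding(client_id, client_secret):
    """Count of '=' a correct encoder emits: 0, 1 or 2, set by length mod 3."""
    n = len(f"{client_id}:{client_secret}".encode("utf-8"))
    return (3 - n % 3) % 3


def decode_basic(header):
    """Strictly decode a Basic header back to (client_id, client_secret)."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic authorization header")
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"malformed Base64: {exc}") from exc
    # Reject non-canonical input such as a hand-appended '='.
    if base64.b64encode(raw).decode("ascii") != token:
        raise ValueError("non-canonical Base64 (wrong padding)")
    client_id, sep, secret = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return client_id, secret


# Sample values from the question (placeholders, not real credentials).
CLIENT_ID = "123ABC"
CLIENT_SECRET = "12345678901234567890123456789012"

if __name__ == "__main__":
    header = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    print(header, "| padding:", expected_padding(CLIENT_ID, CLIENT_SECRET))
    # Pre-flight check: the header must decode to the configured secret.
    # With the quoted-literal bug it decodes to the variable's name instead.
    print(decode_basic(header) == (CLIENT_ID, CLIENT_SECRET))
    buggy = basic_auth_header(CLIENT_ID, "CLIENT_SECRET")
    print(decode_basic(buggy)[1])
```

The 6-character id, the colon and the 32-character secret make 39 bytes, a multiple of 3, so no "=" appears for these values. Decoding the header before sending it is a quick way to confirm which secret actually went into it.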

@JeremiahFitbit It was truly base64 encoded. The reason that I say this is because when I used your example values for the client id : client secret and base64 encoded them, I got a base64 encoded value with an "=" at the end; however, if I used my values I would not get a base64 encoded value.

 

My code below

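import sun.misc.BASE64Encoder; // JDK-internal class; java.util.Base64 is the supported API since Java 8

BASE64Encoder encoder = new BASE64Encoder();
String concatinate = CLIENT_ID + ":" + CLIENT_SECRET;
String concate = encoder.encode(concatinate.getBytes());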

 

Best Answer
0 Votes

tmp_str = fitbit_oauth_20_client_id + ":" + "fitbit_client_consumer_secret"

instead of

tmp_str = fitbit_oauth_20_client_id + ":" + fitbit_client_consumer_secret

 

Actually I don't understand which is the fitbit_client_consumer_secret.

If possible, please let me know about it.

 

Thanks and Best wishes

 

Best Answer
0 Votes

Your client secret can be found in your app settings at https://dev.fitbit.com/apps

Best Answer
0 Votes

client id means : e-mail address.

client secret means ... ????

 

Where can I find the data for the secret?

 

Have a great day and Thanks and Best wishes

Best Answer
0 Votes

OK got it.

Thanks and Best wishes

 

Best Answer
0 Votes

Is that "=" sign important in the authorization header part after the client id and client secret? Because when I encode my client_id and client_secret in base64 the "=" sign never appears, so I am a little bit confused about that. If you have any solutions for this please let me know; it will help me a lot.

Thanks.

Best Answer
0 Votes

@Navindas you can check at https://www.base64encode.org/ and compare the result with the base64 output that your application produces. "=" at the end is not always the case but I've seen "=" or even "==" for most of the basic tokens.

Best Answer
0 Votes

@IoanbsuFitbit The result comes out the same both ways: there is no equals sign for my client_id and client_secret after they get encoded in base64, both in my application and on the website https://www.base64encode.org/ which you referred me to. But I am getting an error after hitting this URL "https://api.fitbit.com/oauth2/token" and the error is "Error : unsupported url". Where am I going wrong?

Here is my code

NSMutableString *urlString = [NSMutableString string];
[urlString appendString:Fitbit_Access_Token_URL];

NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc] init];
[urlRequest setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];

// Token Authorization Header Part
// NSLog(@"Nourish Utils authoriztion of token : %@",[token_Authorization]);
NSString *tokenString = [@[Fitbit_Client_ID, Fitbit_Client_Secret] componentsJoinedByString:@":"];
NSData *data = [tokenString dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64 = [data base64EncodedStringWithOptions:0];
// Debug output: this writes the encoded client id and secret to the log
NSLog(@"Encoded string : %@", base64);
[urlRequest setValue:[NSString stringWithFormat:@"Basic %@", base64] forHTTPHeaderField:@"Authorization"];

// Token Body Parameter Part
NSMutableString *token_Parameters = [NSMutableString string];
[token_Parameters appendString:@"grant_type=refresh_token&"];
[token_Parameters appendFormat:@"refresh_token=%@", [[NSUserDefaults standardUserDefaults] valueForKey:@"fitbit_access_token"]];

// HTTPBody is NSData, so the escaped string is converted to UTF-8 bytes
urlRequest.HTTPBody = [[token_Parameters stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding] dataUsingEncoding:NSUTF8StringEncoding];
urlRequest.HTTPMethod = @"POST";

Please let me know if I am going wrong somewhere in the above code.

Thanks.

Best Answer
0 Votes

I got it. I didn't set the urlrequest; that's why I am getting the error. So it was my fault.

Sorry.


wrote:

@IoanbsuFitbit The result comes out the same both ways: there is no equals sign for my client_id and client_secret after they get encoded in base64, both in my application and on the website https://www.base64encode.org/ which you referred me to. But I am getting an error after hitting this URL "https://api.fitbit.com/oauth2/token" and the error is "Error : unsupported url". Where am I going wrong?

Here is my code

NSMutableString *urlString = [NSMutableString string];
[urlString appendString:Fitbit_Access_Token_URL];

NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc] init];
[urlRequest setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];

// Token Authorization Header Part
// NSLog(@"Nourish Utils authoriztion of token : %@",[token_Authorization]);
NSString *tokenString = [@[Fitbit_Client_ID, Fitbit_Client_Secret] componentsJoinedByString:@":"];
NSData *data = [tokenString dataUsingEncoding:NSUTF8StringEncoding];
NSString *base64 = [data base64EncodedStringWithOptions:0];
// Debug output: this writes the encoded client id and secret to the log
NSLog(@"Encoded string : %@", base64);
[urlRequest setValue:[NSString stringWithFormat:@"Basic %@", base64] forHTTPHeaderField:@"Authorization"];

// Token Body Parameter Part
NSMutableString *token_Parameters = [NSMutableString string];
[token_Parameters appendString:@"grant_type=refresh_token&"];
[token_Parameters appendFormat:@"refresh_token=%@", [[NSUserDefaults standardUserDefaults] valueForKey:@"fitbit_access_token"]];

[urlRequest setURL:[NSURL URLWithString:urlString]];  // <-----

// HTTPBody is NSData, so the escaped string is converted to UTF-8 bytes
urlRequest.HTTPBody = [[token_Parameters stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding] dataUsingEncoding:NSUTF8StringEncoding];
urlRequest.HTTPMethod = @"POST";

Please let me know if I am going wrong somewhere in the above code.

Thanks.


 

Best Answer
0 Votes