help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OAuth get stuck in Custom Tabs/firefox or any browser on phone in Android

ANSWERED

‎06-15-2021 10:25

‎06-15-2021 10:25

whenever I call the 

https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=<CLIENT_ID>&redirect_uri=https://my_redirect_url&scope=activity nutrition heartrate location nutrition profile settings sleep social weight&expires_in=604800

it get stuck at 
https://www.fitbit.com/login/transferpage?redirect=https%253A%252F%252Fwww.fitbit.com......

this page

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎06-17-2021 06:32

In response to devsarathsvs

‎06-17-2021 06:32

Hi @devsarathsvs 

 

After you log in, are you presented with the scopes / consent page or do you get sent to the transferpage URL? 

 

The redirect URL is suppose to be a location in your application that will extract the access token or authorization code from the URL.   For example, let's pretend your redirect URL is https://myapplication.com/callback.  Once you log in and select your scopes, the user is redirected to https://myapplication.com/callback/#access_token=sdfgsdgsf.   The service at https://myapplication.com/callback/ will need to extract the access token from the redirect URL and use it when making the API calls.   I suspect the reason you're not presented with the login page each time is because the user has already consented to this  application and the application hasn't made any changes to the scopes it is requesting.   If you want to be presented with the scope page again, you'll need to revoke consent through the user's Fitbit account.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

View best answer in original post

Best Answer
0 Votes
5 REPLIES 5

‎06-15-2021 11:12

‎06-15-2021 11:12

Hi @devsarathsvs 

 

What is sounds like is you're calling the /oauth2/authorize endpoint and you are being redirected to the https://www.fitbit.com/login/transferpage?... site.   Are you being asked to log in?

 

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎06-15-2021 19:33

In response to Gordon-C

‎06-15-2021 19:33

yes, it was showing the login page, then I logged in, it happens after the login, also I think the issue is it's not redirecting to my App, because when I copied the URL (https://www.fitbit.com/login/transferpage?..) and paste it on chrome on my PC it's redirecting to the URL

 

I tried many ways, I can't get the app to just simply login and get a token back to my app, can't even find a good documentation/tutorial anywhere

Best Answer

‎06-15-2021 19:40

In response to Gordon-C

‎06-15-2021 19:40

cant add any custom scheme, I can only give HTTPS URL as redirect_url, every time I try to log in, in the end, it won't redirect to the app, it just loads that redirect_uri in the chrome/customtab, no popup, no redirection to app

Best Answer

‎06-15-2021 19:55

In response to Gordon-C

‎06-15-2021 19:55

and one more thing, when I give redirect_url as recommended, like "https://finished" it will get redirected to something like this "https://finished/#access_token=eyJhbGc" but it will show in the browser "This site can’t be reached" and it won't redirect to the app, even though I added scheme="https" and data="finished" in the manifest file

Best Answer
0 Votes

‎06-17-2021 06:32

In response to devsarathsvs

‎06-17-2021 06:32

Hi @devsarathsvs 

 

After you log in, are you presented with the scopes / consent page or do you get sent to the transferpage URL? 

 

The redirect URL is suppose to be a location in your application that will extract the access token or authorization code from the URL.   For example, let's pretend your redirect URL is https://myapplication.com/callback.  Once you log in and select your scopes, the user is redirected to https://myapplication.com/callback/#access_token=sdfgsdgsf.   The service at https://myapplication.com/callback/ will need to extract the access token from the redirect URL and use it when making the API calls.   I suspect the reason you're not presented with the login page each time is because the user has already consented to this  application and the application hasn't made any changes to the scopes it is requesting.   If you want to be presented with the scope page again, you'll need to revoke consent through the user's Fitbit account.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes