
OAuth prompt parameter

ANSWERED

I want to force a login each time I call the Fitbit OAuth API. The documentation says the "prompt" parameter can be set to achieve different authorization behaviors. It looks like the setting "login" is what I want to use, but when I set prompt to that value, I do not see any difference. If I am logged into Fitbit, I stay logged in, and no login screen appears.

 

I am using Ruby, Rails, Devise, and Omniauth, and have this set:

 

  config.omniauth :fitbit,
    Rails.configuration.x.fitbit_key,
    Rails.configuration.x.fitbit_secret,
    authorize_params: { prompt: 'login' }

 

Am I missing something? 

 


If I use this code...

 

  config.omniauth :fitbit,
    Rails.configuration.x.fitbit_key,
    Rails.configuration.x.fitbit_secret,
    authorize_params: { prompt: 'consent', requestCredentials: 'true' }

... I can force the login screen. A PHP developer posted about the requestCredentials parameter. Why is it not documented? Is prompt a real parameter? 


'prompt' is the correct parameter and its values are documented here.

 

'requestCredentials' is not a valid Authorization Page parameter for Fitbit.


I am almost certain that specifying authorize_params: { prompt: 'login'} did not change the behavior. Do you have a working code sample showing that it does? 


I can't debug your code, but I can demonstrate this behavior.

 

Here is an authorization page for my demo app. It will redirect you to https://localhost/ after authorization, so look at your browser URL bar instead of expecting a page to load.

 

https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=228YX6&redirect_uri=https%3A%2...

 

Every time I go to that URL, no matter how many times I've authorized the app, I will be signed out of fitbit.com, forced to sign in, and prompted to (re)authorize the app.


Thanks for the reply. I will check the params in the browser's request to login and make sure the prompt param is there.

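The check described in the reply above, confirming that `prompt` actually reaches the authorization request, as an added Ruby example that is not part of the thread or of any Fitbit or OmniAuth code. The sample URLs, the placeholder client id, and the lists of accepted parameter names and prompt values are assumptions to verify against Fitbit's documentation.

```ruby
require 'uri'

# Assumed lists: standard OAuth 2.0 / PKCE names plus prompt and expires_in,
# and the prompt values; verify both against Fitbit's documentation.
KNOWN_PARAMS = %w[response_type client_id redirect_uri scope state expires_in
                  prompt code_challenge code_challenge_method].freeze
PROMPT_VALUES = ['none', 'consent', 'login', 'login consent'].freeze

# Constructed sample URLs (placeholder client id), not captured traffic.
BASE = 'https://www.fitbit.com/oauth2/authorize?response_type=code' \
       '&client_id=EXAMPLE_ID&redirect_uri=https%3A%2F%2Flocalhost%2F&scope=activity'
SAMPLES = {
  login: "#{BASE}&prompt=login",
  extra_param: "#{BASE}&prompt=consent&requestCredentials=true",
  no_prompt: BASE
}.freeze

# Inspect an authorization URL copied from the browser's address bar or
# network tab and report whether it asks for a forced sign-in.
def audit_authorize_url(url)
  uri = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s)
  prompts = params.select { |key, _| key == 'prompt' }.map(&:last)
  findings = []
  findings << 'not https' unless uri.scheme == 'https'
  findings << 'prompt parameter missing' if prompts.empty?
  findings << 'prompt sent more than once' if prompts.size > 1
  prompts.each do |value|
    findings << "unrecognised prompt value #{value.inspect}" unless PROMPT_VALUES.include?(value)
  end
  # Names the server does not know are typically ignored, so a setting
  # that looks applied in the client config may have no effect at all.
  (params.map(&:first) - KNOWN_PARAMS).uniq.each do |name|
    findings << "unexpected parameter #{name}"
  end
  {
    forces_login: prompts.size == 1 && prompts.first.split.include?('login'),
    findings: findings
  }
end

SAMPLES.each { |name, url| puts "#{name}: #{audit_authorize_url(url)}" }
```
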

/usr/lib/python2.6/site-packages/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Traceback (most recent call last):
File "test.py", line 92, in <module>
intradayH = authd_client.intraday_time_series('activities/heart', base_date = '2015-10-28', detail_level = '1sec', start_time = None , end_time = None )
File "/root/fitbit/fitbit/api.py", line 687, in intraday_time_series
return self.make_request(url)
File "/root/fitbit/fitbit/api.py", line 362, in make_request
response = self.client.make_request(*args, **kwargs)
File "/root/fitbit/fitbit/api.py", line 225, in make_request
raise exc
fitbit.exceptions.HTTPTooManyRequests: Rate limit exceeded for this user. Please try again at the start of the hour. More information about rate limiting is at <https://dev.fitbit.com/docs>.


That just means that you exceeded the rate limit.


I am not sure what this has to do with OAuth.


It doesn't. It looks like you were making a request to the activities/heart time series.
