Oauth2 401 Error

Aloha, I have seen this same error posted in past posts, however none of the responses are working for me.  I am using Axios inside of a React app.

 

I have successfully returned the auth_code, however when I make my post for the token I receive the following error:

 

  {
    errors: [
      {
        errorType: "invalid_client",
        message: "Invalid authorization header format. The header was not recognized to be a valid header for any of known implementations or a client_id was not specified in case of a public client Received header = null. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
      }
    ],
    success: false
  }

 

Below is my POST:

 

const response = await axios.post("https://api.fitbit.com/oauth2/token", {
    body: form_data,
    headers
});
 
And here is my console logs of the form_data and headers:
 
headers:
  Content-Type: "application/x-www-form-urlencoded"
  Authorization: "Basic [(here I am using a Base64 client_id:client_secret)]"

form_data: client_id=[Redacted]&grant_type=authorization_code&redirect_uri=http%253A%252F%252Flocalhost%253A3000%252Fauth%252Fcallback&code=784544a4e1d789bc1a1f6692692795b74e8c28e6

 

I have confirmed my client id and secret numerous times.  

Can you see where I am making a mistake?

 

Aloha @quinlayen 

 

At a high level, it looks like you have everything included correctly. However, I'm not familiar with your programming environment to know of its quirks. A few questions I have are:

 

  1. Was there any other messaging provided besides "invalid_client"? There are several reasons for receiving the errorType "invalid_client", https://dev.fitbit.com/build/reference/web-api/troubleshooting-guide/error-messages/#401-unauthorize....  Having the corresponding message might help.
  2. I'm not familiar with the form_data:<headers> to know if this is correct behavior or syntax.
  3. Have you tested the process within the OAuth2 Tutorial to confirm you have everything configured correctly?  Here's the documentation on where to find it, https://dev.fitbit.com/build/reference/web-api/troubleshooting-guide/debugging-tools/#oauth-2-0-tuto....

Gordon

 

 

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Hi Gordon,  thanks for replying.

 

Here are the answers to your questions:

1) Yes, there was more in the error. I pasted the entire error in the OP, which included the message which indicates it is an unauthorized header format.

 

2) Regarding the form_data, I guess I should have posted what it looked like in code so that it made more sense. I created an object named form_data and made that the body of the POST. I then console logged it and that log is what I put in the OP. Here is what the code looks like with a few changes to allow me to post here without giving private info:

 

const form_data = qs.stringify({
    client_id,
    grant_type,
    redirect_uri,
    code,
});

let headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    Authorization: 'Basic client_id:client_secret'   // the client_id:client_secret is Base64
};
 
const response = await axios.post("https://api.fitbit.com/oauth2/token", {
    body: form_data,
    headers
});
 
 
3. I have run this same code using a Node server I wrote and it worked fine.

Hi @quinlayen 

 

I feel like something is not translating correctly with your code. I've been searching around for examples that might help and haven't found anything yet. Would you please provide me with your client ID? Maybe I can figure out what's going on in our logs.

 

Thanks!

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Also, instead of using stringify, have you tried listing out all of the parameters and their values to see if it works? For example,

 

body: "client_id=<value>&grant_type=authorization_code&..."

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Hi @GordonFitbit .  I actually figured it out.  I was urlencoding the redirect_uri as I thought I was supposed to, however that did not work in translation.  Not sure why, but when I used just the url as is without encoding I was able to get it to work.

 

Thank you for taking the time to work this out for me.

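The form_data log in the original post shows redirect_uri as `http%253A%252F%252F...`, where `%253A` is `%3A` percent-encoded a second time. The following is an added example, not code from the thread or from Fitbit, that reproduces that wire form and checks what a form decoder recovers from it. The function names and the `id`, `secret` and `SAMPLE_CODE` values are constructed placeholders, and the built-in URLSearchParams is used here in place of qs.

```javascript
// Added example. All names and sample values here are constructed placeholders.

// Build the token request from RAW values. URLSearchParams percent-encodes
// each value exactly once, so redirectUri must not be encoded beforehand.
function buildTokenRequest({ clientId, clientSecret, redirectUri, code }) {
  const body = new URLSearchParams({
    client_id: clientId,
    grant_type: 'authorization_code',
    redirect_uri: redirectUri,
    code,
  }).toString();
  // Code running in a browser cannot keep clientSecret confidential.
  const headers = {
    'Content-Type': 'application/x-www-form-urlencoded',
    Authorization: 'Basic ' + btoa(`${clientId}:${clientSecret}`),
  };
  return { url: 'https://api.fitbit.com/oauth2/token', body, headers };
}

// Decode the body the way a form parser would and report whether the
// redirect_uri it recovers equals the one registered for the app.
function checkRedirectUri(body, registeredRedirectUri) {
  const received = new URLSearchParams(body).get('redirect_uri');
  return {
    received,
    matches: received === registeredRedirectUri,
    // "%25" + two hex digits in the wire form means a "%XX" was encoded again.
    doubleEncoded: /redirect_uri=[^&]*%25[0-9A-Fa-f]{2}/.test(body),
  };
}

const registered = 'http://localhost:3000/auth/callback';
const base = { clientId: 'id', clientSecret: 'secret', code: 'SAMPLE_CODE' };

// Raw value in: encoded once on the wire.
const good = buildTokenRequest({ ...base, redirectUri: registered });
// Pre-encoded value in: encoded twice on the wire, as in the posted log.
const bad = buildTokenRequest({ ...base, redirectUri: encodeURIComponent(registered) });

console.log(checkRedirectUri(good.body, registered)); // matches: true
console.log(checkRedirectUri(bad.body, registered));  // doubleEncoded: true

// With axios the body is the second argument and the config (headers) the third:
//   axios.post(good.url, good.body, { headers: good.headers })
```

Running the check on the serialized body before sending it catches a pre-encoded redirect_uri without making a network request.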