Hey,

thanks for your quick reply. Can i do the following:


User clicks on a Button inside the App ---> Open Webview with authentication --> User copys the Pin (using Desktop Type on Fitbit) and than turn back to app to copy the the code --> ???
🙂

for me it's not exactly clear, what i have to do / call after the user have the pin code. Can you maybe give me a hint for that?

Best,
Nico

Hey that sounds good 🙂

But - i can't specifiy the callback url in the fitbit panel with fitbittest://view?id=123 (just a quick test)


Any idea? fitbittest://view?id=123 is not a valid URL

Thanks for your ideas/help so far 🙂

Best, Nico

Hey,

ähm my problem is to enter this url on my application settings on Fitbit. Can i enter in at another place except the settingspanel ??

Hey,

look nice so far - the only problem left is to make that call using a normal HTTP request in the application (or even in node.js)

After a lot of searching on google - do you have any example code for that?
(My problem seems to be setting the Authorization header)

In Detail i always fighting with this error:

{"errors":[{"errorType":"oauth","fieldName":"n/a","message":"No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed"}],"success":false}

You can start with https://dev.fitbit.com/apps/oauthtutorialpage .

It describes process of making very first step request_token. It also calculates signature and base string so you can compare your values to those that are generated.

Hey,

already got it to work as expected 🙂

Using a node.js endpoint - and now i will play around with the different API Calls.

Best, Nico

An Addition:

After receiving the tokens and trying to get (for example) data from the user, i receive this error:

{"errors":[{"errorType":"oauth","fieldName":"oauth_access_token","message":"Invalid/expired user token: 089fe4f67dbea3c265d965c359d04XXX"}],"success":false}

But it's the token i've got from my request - any idea what causes this?

Hey,

jeah that's the case - i am using 'oauth-1.0a'

S

var oauth = OAuth({
        consumer: {
            public: '70ffaec065bf4763be857acf8eaXXXXX',
            secret: '7b9e2b5c678a4b8cacd563d793XXXXXX'
        },
        signature_method: 'HMAC-SHA1',
        callback : "fitbittest://view?id=123"
    });

(Callback is a hack from me, added to this library)

app.get('/getURL', function(req, res){
    var request_data = {
        url: 'https://api.fitbit.com/oauth/request_token',
        method: 'POST',
    };


    request({
        url: request_data.url,
        method: request_data.method,
        form: request_data.data,
        headers: oauth.toHeader(oauth.authorize(request_data))
    }, function(error, response, body) {
        //process your data here
        //console.log(body);
        res.send(body);
    });
    
   // res.send('Hello World');
});

So after calling the getURL from my application, the user is directed to the fitbit Website. After Log-in the callback is called successfully and the user is redirected into the application. Then i call the "getUserInfo" URL with the credentials.

app.get('/getUserData', function(req, res) {
    
    var token = {
        public: req.query.token,
        secret: req.query.token_secret
    };
    console.log(req.query );
    
    var request_data = {
        url: 'https://api.fitbit.com/1/user/-/profile.json',
        method: 'POST',
    };
    
    request({
        url: request_data.url,
        method: request_data.method,
        form: request_data.data,
        headers: oauth.toHeader(oauth.authorize(request_data, {public: req.query.token}))
    }, function(error, response, body) {
        //process your data here
        console.log(body);
        res.send("hallo");
    });
});

( I extract both tokens (secret and normal) from the body in the application and send them as parameters to the getUserData Call.

And that's where the error occurs. Anything wrong in that row of actions?


 

Please checkout oath 1.0a workflow that Fitbit uses here: https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API#OAuthAuthenticationintheF...

and make sure you do all the steps described there. Based on the code you pasted you're doing only request_token request which is step A in diagram. request_token returns to you temporary credentials that can only be used to get permanent access token at steps D-E.

P.S. I also suggest in you application dev.fitbit.com please invalidate you comsumer key and secret since posting such information is not a good idea.

Hey,

i could make it work correctly - using the Type "Desktop" and  the pin-based authorization.

Question:
In this case the User have to copy the pin by himself and return to the application - this isn't a big deal - but the other way of course is more "likeable".


So - anyone have an idea how to extract the tokens from the website opened in the browser of the iphone? Cause that's my current problem.

Best, Nico