
Unable to receive JSON "invalid_request"


I'm trying to create an application that shoots out information so I can var_dump it to my DOM, which will let me continue to develop, but I've bumped into a barrier. Below is my code, and also a walkthrough of what my error is.

<?php

/*--------------------- Fitbit API Keys ---------------------*/
// CONSTANTS
	define("user_id",'X2222X'); // renamed to X2222X for this post
	define("client_id",'X1111X'); //renamed to X1111X for this post.
	define("response_type",'code');
	define("scope", 'activity nutrition profile settings sleep social weight');
	define("redirect_uri", 'http://www.plas.nyc/TEST/fitbit.php');

	if($_GET['code']){
		echo '<h1>success</h1>';
		//loggedin
		$code = $_GET['code'];
		$url = "https://api.fitbit.com/oauth2/token";

		$access_token_setttings = array(
				'code' =>  $code,
				'grant_type' => "authorization_code",
				'client_id' =>  client_id,
				'redirect_uri' => redirect_uri
			);

		$curl = curl_init($url);
		curl_setopt($curl, CURLOPT_POST, true);
		curl_setopt($curl, CURLOPT_POSTFIELDS, $access_token_setttings);
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);// look into it more

		$result = curl_exec($curl);
		curl_close($curl);

		$results = json_decode($result, true);
		var_dump($result);
	} else { ?>

	<!DOCTYPE html>
	<html>
	<head>
		<title>FITBIT API -|- PLAS.NYC</title>
	</head>
	<body>
		<a href="https://www.fitbit.com/oauth2/authorize?response_type=<?php echo response_type; ?>&client_id=<?php echo client_id; ?>&scope=<?php echo scope; ?>">LOGIN</a>
	</body>
	</html>

	<?php

	}

	?>

Upon clicking login, I receive the URL of (client id renamed to X1111X for this post):

https://www.fitbit.com/login?redirect=%2Foauth2%2Fauthorize%3Fresponse_type%3Dcode%26client_id%X1111X%26scope%3Dactivity%2520nutrition%2520profile%2520settings%2520sleep%2520social%2520weight 

Which brings me to the login page of the Fitbit site. After logging in it asks me to share my data listed in the above scope in the URL. After clicking ALLOW I'm redirected back to my page with the code appended to my URL:

http://www.plas.nyc/TEST/fitbit.php?code=cc8462bcde166d20517fc099b8ea9c994738ac59

Sadly when I do a var_dump of my json_decode of the $results I get this in my DOM:

string(210) "{"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}"

 

 

What am I doing wrong? Thanks in advance. I've been at this for weeks 😞

 

Best Answer
0 Votes

You need to set the Authorization header when exchanging the code for an access token, as documented here.

Best Answer

I would suggest using a JSON validator tool such as http://codebeautify.org/jsonvalidate or http://jsonformatter.org to validate JSON data before you start testing.

Best Answer
0 Votes

Hey Jereimah,

Thanks, I set the Authorization headers now, but I now receive a different error in return.

string(227) "{"errors":[{"errorType":"invalid_client","message":"Invalid authorization header. Client id invalid. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}"

Below is how I set up the Headers

 

<?php 

/*--------------------- Fitbit API Keys ---------------------*/
// CONSTANTS 
	define("user_id",'X2222X'); // renamed to X2222X for this post
	define("client_id",'X1111X'); //renamed to X1111X for this post.
	define("client_secret",'X0000X');  //renamed to X0000X for this post.
	define("response_type",'code');
	define("scope", 'activity nutrition profile settings sleep social weight');
	define("redirect_uri", 'http://www.plas.nyc/TEST/fitbit.php');

	if($_GET['code']){
		echo '<h1>success</h1>';
		//loggedin
		$code = $_GET['code'];
		$url = "https://api.fitbit.com/oauth2/token";
		$auth = base64_encode("{client_id}:{client_secret}");

		$access_token_setttings = array(
				'code' =>  $code,
				'grant_type' => "authorization_code",
				'client_id' =>  client_id,
				'redirect_uri' => redirect_uri
			);

		$header = array(
			"Authorization: Basic {$auth}"
			);

		$curl = curl_init($url);
		curl_setopt($curl, CURLOPT_HTTPHEADER, $header);// look into it more
		curl_setopt($curl, CURLOPT_POST, true);
		curl_setopt($curl, CURLOPT_POSTFIELDS, $access_token_setttings);
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);// look into it more
		
		$result = curl_exec($curl);
		curl_close($curl);

		$results = json_decode($result, true);
		var_dump($result);
	} else { ?>

	<!DOCTYPE html>
	<html>
	<head>
		<title>FITBIT API -|- PLAS.NYC</title>
	</head>		
	<body>	
		<a href="https://www.fitbit.com/oauth2/authorize?response_type=<?php echo response_type; ?>&client_id=<?php echo client_id; ?>&scope=<?php echo scope; ?>">LOGIN</a>
	</body>
	</html>

	<?php
	
	}
	
	?>

 

Best Answer
0 Votes

@irispanabaker Thank you, I will definitely use that when I get this working!

Best Answer
0 Votes

Consider using an existing library for OAuth 2.0 in PHP; it will save you a lot of debugging.

Best Answer

Hey Dan,

 

I'm almost at the finish line with this code. I wouldn't want to add a level of abstraction between me and the authentication and for me to abandon it due to the undocumented server response. I would love to know what's happening!

Best Answer
0 Votes

Can you capture the raw HTTP request you are sending? You can PM me the Authorization header and I can help look.

Best Answer

Hey Dan

 

I was actually looking at it hard and realized there was no body being passed from my associative array into CURLOPT_POSTFIELDS for the body being sent to Fitbit. Found out that I needed to convert my associative array to a URL-encoded query string. So I changed that part from:

curl_setopt($curl, CURLOPT_POSTFIELDS, $access_token_settings);

to this:

curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($access_token_settings));

And now I'm able to get my access token!

Best Answer
0 Votes

Curl is great to figure out how OAuth 2.0 works, but I agree with Dan from before, it would save you a lot of trouble using an existing library. If you use xdebug with an IDE that supports it (e.g. NetBeans, PhpStorm), you can debug through the library anyway. They always break down to use cURL or some derivative at some point anyway.

 

https://github.com/thephpleague/oauth2-client/blob/master/README.PROVIDERS.md

 

Dan has created his own provider, and I have as well.

Best Answer

Hello Plasx, I am getting the same error

"{"errors":[{"errorType":"invalid_client","message":"Invalid authorization header. Client id invalid. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}"

 

Please tell me how I can overcome this... it's very urgent. Thanks a lot in advance.

Best Answer
0 Votes

After logging in it asks me to share my data listed in the above scope in the URL. After clicking ALLOW I'm redirected back to my page with the code appended to my URL

http://localhost/fitbitApp/fitbit_login.php?code=22e5ef87bfd3cc6d4a2d6662ca874ce72e16928d#_=_ 

Sadly when I do a var_dump of my json_decode of the $results I get this in my DOM:

 

string '{"errors":[{"errorType":"invalid_client","message":"Invalid authorization header. Client id invalid. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}' (length=227)

Best Answer
0 Votes
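
Added example, not code from any poster in this thread: a token exchange in PHP covering the three points the thread raises, namely the Authorization header, the URL-encoded body, and the `invalid_client` reply. The constant names and placeholder values are the ones from the question; `basic_auth_header`, `token_request_body` and `exchange_code` are hypothetical helper names. PHP does not expand constants inside double-quoted strings, so `base64_encode("{client_id}:{client_secret}")` as posted above encodes that literal text rather than the credentials.

```php
<?php
define("client_id", 'X1111X');     // placeholder, as in the thread
define("client_secret", 'X0000X'); // placeholder, as in the thread
define("redirect_uri", 'http://www.plas.nyc/TEST/fitbit.php');

// Constants are not expanded inside double quotes, so join them explicitly.
function basic_auth_header(string $id, string $secret): string
{
    return 'Authorization: Basic ' . base64_encode($id . ':' . $secret);
}

// A string body is sent as application/x-www-form-urlencoded; handing cURL
// the array itself makes it send multipart/form-data instead.
function token_request_body(string $code): string
{
    return http_build_query([
        'code'         => $code,
        'grant_type'   => 'authorization_code',
        'client_id'    => client_id,
        'redirect_uri' => redirect_uri,
    ]);
}

function exchange_code(string $code): array
{
    $curl = curl_init('https://api.fitbit.com/oauth2/token');
    curl_setopt_array($curl, [
        CURLOPT_POST           => true,
        CURLOPT_HTTPHEADER     => [basic_auth_header(client_id, client_secret)],
        CURLOPT_POSTFIELDS     => token_request_body($code),
        CURLOPT_RETURNTRANSFER => true,
        // The request carries the client secret: leave certificate checks on.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $raw = curl_exec($curl);
    if ($raw === false) {
        throw new RuntimeException('cURL error: ' . curl_error($curl));
    }
    $data = json_decode($raw, true);
    return is_array($data) ? $data : [];
}

// Offline comparison, no network needed: decode what each expression encodes.
$posted = base64_encode("{client_id}:{client_secret}"); // as in the thread
$fixed  = base64_encode(client_id . ':' . client_secret);
var_dump(base64_decode($posted), base64_decode($fixed));
echo token_request_body('CODE_FROM_REDIRECT'), "\n"; // constructed code value
```

On the redirect page, `exchange_code($_GET['code'])` would replace the inline cURL calls once real credentials are in place.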