help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Using Scribe...oauth_problem=permission_denied

ANSWERED

‎12-19-2014 08:41

‎12-19-2014 08:41

Hi there,

 

I am trying to read data using WebUI in a java standalone code. I get an error:

Exception in thread "main" org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract token and secret from this: 'oauth_problem=permission_denied'
at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41)
at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27)

 

Looks like - this error is originated at "Token accessToken = service.getAccessToken(requestToken, v);". Can anyone point, what is the problem with the code. what is needed to be corrected.

 

Following is the code

 

package com.euphoria.fitness;

import org.scribe.builder.ServiceBuilder;
import org.scribe.builder.api.FitbitApi;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.SignatureType;
import org.scribe.model.Token;
import org.scribe.model.Verb;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;

public class FitBit {

public static void main(String[] args){
OAuthService service = new ServiceBuilder()
.provider(FitbitApi.SSL.class)
.apiKey("646d1c99e1fe45b49db573784ef03a89")
.apiSecret("61540eecfdf047059bdb486d7b1b1786")
//.signatureType(SignatureType.QueryString)
.debug()
.build();

Token requestToken = service.getRequestToken();

String authUrl = service.getAuthorizationUrl(requestToken);
String token = authUrl.substring(authUrl.indexOf("=")+1);
System.out.println();
System.out.println("<<<<<<<<<>>>>>>>>>>>> "+authUrl);


Verifier v = new Verifier(authUrl);

Token accessToken = service.getAccessToken(requestToken, v);

OAuthRequest request = new OAuthRequest(Verb.GET, "https://api.fitbit.com/1/user/-/profile.xml");
service.signRequest(accessToken, request); // the access token from step 4

Response response = request.send();
System.out.println(response.getBody());
}

}

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎12-19-2014 23:50

In response to sreerammc

‎12-19-2014 23:50

Hi,

 

I did a little hack... I wrote JSoup code to post authentication request yo get PIN.

 

//String token="605c93ef8c3200926dc996d97e99b8e3";
Document doc = Jsoup.connect("https://api.fitbit.com/oauth?oauth_token="+token+"&locale=&display=&authentication=&oauth_allow=Allo...
//System.out.println(doc.text());
Element form =doc.select("form[id=oauth_login_form]").first();
System.out.println("oauth_token = "+form.select("input[name=oauth_token]").val());
System.out.println("locale="+form.select("input[name=locale]").val());
System.out.println("oauth_allow="+form.select("input[name=oauth_allow]").val());
System.out.println("_sourcePage="+form.select("input[name=_sourcePage]").val());
System.out.println("__fp ="+form.select("input[name=__fp]").val());

String url ="https://api.fitbit.com/oauth/oauth_login_allow?"
+ "oauth_token="+form.select("input[name=oauth_token]").val()
+ "&locale="+form.select("input[name=locale]").val()
//+ "&oauth_allow="+form.select("input[name=oauth_allow]").val()
+ "&_sourcePage="+form.select("input[name=_sourcePage]").val()
+ "&__fp="+form.select("input[name=__fp]").val()+
"&email=<YYYYYYYY>&password=<XXXXXX>";
System.out.println(url);
Document responseDoc=Jsoup.connect(url).post();
String vToken = responseDoc.select("div.pincode").first().text();

 

After I got the token and passed the same to Verifier and working like a charm. 

 

Can any one suggest any other better way to do this?

 

Regards,

Sreeram MC

 

View best answer in original post

Best Answer
0 Votes
5 REPLIES 5

‎12-19-2014 08:45

‎12-19-2014 08:45

Please make sure that the token is not expired.

Try to issue new token and see what happens.

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎12-19-2014 09:06

In response to ibahdanau

‎12-19-2014 09:06

Ivan Bahdanau,

Thank you for lightening response. 

 

I am passing the token that I fetched from previous step and passing it. Are you suggesting that timestamp used is the issue? or Token is expired?

 

Following is the Scribe log:

 

obtaining request token from https://api.fitbit.com/oauth/request_token
setting oauth_callback to oob
generating signature...
using base64 encoder: CommonsCodec
base string is: POST&https%3A%2F%2Fapi.fitbit.com%2Foauth%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3D646d1c99e1fe45b49db573784ef03a89%26oauth_nonce%3D2989727642%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1419008539%26oauth_version%3D1.0
signature is: fVKoKeobs9jQDhCWbmapiFt4udU=
appended additional OAuth parameters: { oauth_callback -> oob , oauth_signature -> fVKoKeobs9jQDhCWbmapiFt4udU= , oauth_version -> 1.0 , oauth_nonce -> 2989727642 , oauth_signature_method -> HMAC-SHA1 , oauth_consumer_key -> 646d1c99e1fe45b49db573784ef03a89 , oauth_timestamp -> 1419008539 }
using Http Header signature
sending request...
response status code: 200
response body: oauth_token=2768f0537ce4de92d31830d5d76dcaa1&oauth_token_secret=66014dda72cc1e2bbee22995c3a5d40a&oauth_callback_confirmed=true

<<<<<<<<<>>>>>>>>>>>> https://api.fitbit.com/oauth/authorize?oauth_token=2768f0537ce4de92d31830d5d76dcaa1
obtaining access token from https://api.fitbit.com/oauth/access_token
setting token to: Token[2768f0537ce4de92d31830d5d76dcaa1 , 66014dda72cc1e2bbee22995c3a5d40a] and verifier to: org.scribe.model.Verifier@15ca232
generating signature...
using base64 encoder: CommonsCodec
base string is: POST&https%3A%2F%2Fapi.fitbit.com%2Foauth%2Faccess_token&oauth_consumer_key%3D646d1c99e1fe45b49db573784ef03a89%26oauth_nonce%3D2365128259%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1419008541%26oauth_token%3D2768f0537ce4de92d31830d5d76dcaa1%26oauth_verifier%3Dhttps%253A%252F%252Fapi.fitbit.com%252Foauth%252Fauthorize%253Foauth_token%253D2768f0537ce4de92d31830d5d76dcaa1%26oauth_version%3D1.0
signature is: AnXNMT6T1xvsNDfis1hOqsGbnkA=
appended additional OAuth parameters: { oauth_signature -> AnXNMT6T1xvsNDfis1hOqsGbnkA= , oauth_version -> 1.0 , oauth_nonce -> 2365128259 , oauth_signature_method -> HMAC-SHA1 , oauth_consumer_key -> 646d1c99e1fe45b49db573784ef03a89 , oauth_token -> 2768f0537ce4de92d31830d5d76dcaa1 , oauth_verifier -> https://api.fitbit.com/oauth/authorize?oauth_token=2768f0537ce4de92d31830d5d76dcaa1 , oauth_timestamp -> 1419008541 }
using Http Header signature
Exception in thread "main" org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract token and secret from this: 'oauth_problem=permission_denied'
at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:41)
at org.scribe.extractors.TokenExtractorImpl.extract(TokenExtractorImpl.java:27)
at org.scribe.oauth.OAuth10aServiceImpl.getAccessToken(OAuth10aServiceImpl.java:104)
at org.scribe.oauth.OAuth10aServiceImpl.getAccessToken(OAuth10aServiceImpl.java:85)
at org.scribe.oauth.OAuth10aServiceImpl.getAccessToken(OAuth10aServiceImpl.java:90)
at com.euphoria.fitness.FitBit.main(FitBit.java:34)

Best Answer
0 Votes

‎12-19-2014 20:15

In response to sreerammc

‎12-19-2014 20:15

Hi,

 

Look like I am not getting PIN from the following call:

 

String authUrl = service.getAuthorizationUrl(requestToken);

 

I have registered this as a desktop application. Can any one please let me know how I can get the token in a standalone applicaiton, which is not browser based app.

 

Regards,

Sreeram MC

Best Answer
0 Votes

‎12-19-2014 23:50

In response to sreerammc

‎12-19-2014 23:50

Hi,

 

I did a little hack... I wrote JSoup code to post authentication request yo get PIN.

 

//String token="605c93ef8c3200926dc996d97e99b8e3";
Document doc = Jsoup.connect("https://api.fitbit.com/oauth?oauth_token="+token+"&locale=&display=&authentication=&oauth_allow=Allo...
//System.out.println(doc.text());
Element form =doc.select("form[id=oauth_login_form]").first();
System.out.println("oauth_token = "+form.select("input[name=oauth_token]").val());
System.out.println("locale="+form.select("input[name=locale]").val());
System.out.println("oauth_allow="+form.select("input[name=oauth_allow]").val());
System.out.println("_sourcePage="+form.select("input[name=_sourcePage]").val());
System.out.println("__fp ="+form.select("input[name=__fp]").val());

String url ="https://api.fitbit.com/oauth/oauth_login_allow?"
+ "oauth_token="+form.select("input[name=oauth_token]").val()
+ "&locale="+form.select("input[name=locale]").val()
//+ "&oauth_allow="+form.select("input[name=oauth_allow]").val()
+ "&_sourcePage="+form.select("input[name=_sourcePage]").val()
+ "&__fp="+form.select("input[name=__fp]").val()+
"&email=<YYYYYYYY>&password=<XXXXXX>";
System.out.println(url);
Document responseDoc=Jsoup.connect(url).post();
String vToken = responseDoc.select("div.pincode").first().text();

 

After I got the token and passed the same to Verifier and working like a charm. 

 

Can any one suggest any other better way to do this?

 

Regards,

Sreeram MC

 

Best Answer
0 Votes

‎01-14-2015 00:12

In response to sreerammc

‎01-14-2015 00:12

Dear Sreeram MC

i try your workaround and it succefully send the request and response is 200 (ok ) but with null body in get profile data ,can you tell me the cause for that ??

Best Answer
0 Votes