03-16-2021 17:00
I am developing a web application that will get the sleep hours of my users.
I am trying to obtain user authorization to obtain the profile and sleep data of my personal account using my web application (Client ID: 22C5CR). Until Sunday 14 everything worked fine: I obtained authorization, my application was registered in my personal profile, and I could obtain the user profile to record the information in my database.
When I made a call to get the dream yesterday it told me that the user's token was expired and I made the call to renew the token (I forgot to record that data because the option was in development) and then I repeated the procedure and it gave me a token error message, after that I cannot authorize my application again, the process seems to work but I do not receive the authorization information, the application authorization is not recorded in my personal FitBit profile and therefore I cannot get my user information.
I have deleted my application from dev.fitbit.com and created it again (Client ID above) but it still does not work. When I run the registration, the Fitbit screen appears to authorize the application, I select the fields and it sends me to my callback, but I only receive the CODE = xxxxxx and nothing else. My application is not recorded in my personal profile and I do not get anything when asking for the profile, not even an error JSON.
Thanks for your help.
03-18-2021 17:05
Hi @JavierAP,
If you haven't done so already, I recommend going through your application's OAuth 2.0 flow tutorial found within your application's settings at dev.fitbit.com. This will guide you through the process of authorizing your application to access your Fitbit data.
It sounds like you misplaced the refresh token somewhere along the way, which is needed in order to obtain a new access_token when it expires. Can you clarify if the user profile you are trying to obtain a new access_token for belongs to your personal account or another user's?
"I have deleted my application from dev.fitbit.com and created it again (Client ID above) but it still does not work, when I run the registration, the Fitbit screen appears to authorize the application, I select the fields and it sends me to my callback but I only receive the CODE = xxxxxx and nothing else,"
It looks like you might be using Python since this was the label you used. If you would like to see an OAuth 2.0 Python example, you can check out our Community Resources to see how other developers implemented the OAuth 2.0 flow into their environment: https://dev.fitbit.com/build/reference/web-api/community-resources/
I hope this helps. Let me know if you have any additional questions.
03-18-2021 18:44
Hi JohnFitbit, thank you for your answer.
I am using my personal account to do the authorization tests of my application, I do it in a different browser so as not to interfere with my developer account.
I followed the procedures indicated in the tutorial and in fact it was working properly until Tuesday, I could call my personal user's authorization page, select the data I wanted to authorize (all), authorize the application and the app would register in my personal profile and get the authorization tokens.
I was even able to get the sleep data from my personal account, but after an error when refreshing the user token I could no longer receive data from Fitbit and after I disallowed the app into my personal account I can't re-register my app in my personal profile, it just doesn't do anything.
The problem now is that even though I authorize the application, it does not register in my personal profile and I do not receive the authorization tokens, I only receive the CODE and when I run the cURL call to get the tokens I do not even receive an error response, everything is empty.
I am using PHP for my web application since my API will make the request for sleep data when the client requests it by the APP.
I don't know why it is not working now; everything happened after I made the mistake refreshing the user token.
Thanks.
03-22-2021 11:12
Hi @JavierAP
When authorizing your personal application type, you will only be able to retrieve the data for the application owner. It's ok to use a second browser window for testing, but make certain you're logged into fitbit.com using the dev.fitbit.com account. Once the user has authorized the application and the user goes through the authorization process again, the consent webform will not be displayed. It sounds like receiving the authorization code is correct behavior. From there, you can use the /oauth/token endpoint to exchange the authorization code for the access token and refresh token.
If you want to see the consent webform again, you have 2 options
Gordon
03-22-2021 12:27
Hi @Gordon-C
Thank you for your answer.
I understand that part about the authorization and I was able to authorize my APP before on my personal account and even get my sleep once, then I revoked access to my app and tried again because I made a mistake getting the user token and I wanted to start over again.
After I revoke the consent on my personal account, I'm not able to get it again. I run the process, get the consent web form, select the data I'm going to share and authorize, then I get the authorization code on my callback URL, but when I try there to get the OAuth token I don't receive any data at all, and going to see my personal profile on fitbit.com->settings->applications, I can't see my app there. So apparently for some reason, even when I authorize my app, it doesn't happen, and I can't get the token and of course I don't have access to my personal data.
I'm doing exactly the same procedure I did before when I was able to authorize my app and get my first sleep data, but now it is not working: after the callback function is called, I can't get the token and the app doesn't appear on my personal profile.
Javier.
03-22-2021 14:47
I don't see any recent activity on that client ID. Would you please test the authorization again?
03-22-2021 15:09
Dear @Gordon-C
I just tried to authorize my app again with my private account, same issue, no token received just the code and the App is not registered on my personal profile.
Thanks.
03-23-2021 08:59
Hi Javier,
After receiving the code, what are you executing to convert the authorization code into the access and refresh tokens?
Gordon
03-23-2021 14:35
Hi @Gordon-C, here is my PHP code on the callback script; it worked before this problem.
$authorization = CLIENT_ID . ":" . CLIENT_SECRET;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https:api.fitbit.com/oauth2/token");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(
'grant_type' => 'authorization_code',
'code' => $ccode,
'client_id' => CLIENT_ID,
'client_secret' => CLIENT_SECRET,
'redirect_uri' => REDIRECT_URI)));
curl_setopt($ch, CURLOPT_HTTPHEADER,
array('Authorization: Basic ' . base64_encode($authorization), 'Content-Type: application/x-www-form-urlencoded'));
$data = curl_exec($ch);
$response = json_decode($data);
$access_token = $response->access_token;
$refresh_token = $response->refresh_token;
$ccode is the code I've received, and when I print the $response variable it is empty.
If the $access_token is not empty, this is the next PHP code:
$oauth_profile_header = ["Authorization: Bearer " . $access_token];
$url = "https:api.fitbit.com/1/user/-/profile.json";
$cu = curl_init($url);
curl_setopt($cu, CURLOPT_HTTPHEADER, $oauth_profile_header);
curl_setopt($cu, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cu, CURLOPT_SSL_VERIFYPEER, false);
$userprofile = curl_exec($cu);
$profile = json_decode($userprofile);
curl_close($cu);
Then I run the profile with a foreach to get the user data and store that into my database.
This was working before.
Thanks.
03-24-2021 17:11
I'm not a PHP programmer but is the syntax "https:api.fitbit.com/oauth2/token" correct for PHP, or should it be "https://api.fitbit.com/oauth2/token"?
03-24-2021 17:28
Hi @Gordon-C,
I just can't believe how blocked my brain was to not see that, it's what happens when you work on multiple projects at the same time, not recommended.
Thank you very much for opening my eyes and sorry for the inconvenience.
Javier.
03-24-2021 17:28
If the token endpoint is wrong, check the profile endpoint in your code too. It has the same problem.
03-24-2021 17:29
No worries. Glad I could help.
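The callback code in this thread failed silently because the result of curl_exec() was never checked, so the malformed "https:api.fitbit.com" URL only showed up as an empty $response. The following is an added example, not code from any poster in the thread: a token request that validates the endpoint URL, surfaces transport and HTTP errors, and leaves TLS certificate verification at its default instead of setting CURLOPT_SSL_VERIFYPEER to false. The helper name fitbit_token_request() and the placeholder credential values are assumptions.

```php
<?php
// Added example. Placeholder credentials; replace with your application's values.
const CLIENT_ID     = 'YOUR_CLIENT_ID';
const CLIENT_SECRET = 'YOUR_CLIENT_SECRET';
const REDIRECT_URI  = 'https://example.invalid/callback';
const TOKEN_URL     = 'https://api.fitbit.com/oauth2/token'; // note the "//"

// Hypothetical helper: POSTs $fields to the token endpoint and returns the
// decoded JSON, or throws with a message that says what actually went wrong.
function fitbit_token_request(array $fields): array
{
    // "https:api.fitbit.com/..." parses with a scheme but no host, so this
    // check rejects it before any credential is sent.
    $parts = parse_url(TOKEN_URL);
    if (($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        throw new InvalidArgumentException('Token URL must be an absolute https URL');
    }

    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        // TLS peer and host verification stay at their secure defaults.
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_HTTPHEADER     => [
            'Authorization: Basic ' . base64_encode(CLIENT_ID . ':' . CLIENT_SECRET),
            'Content-Type: application/x-www-form-urlencoded',
        ],
    ]);
    $body   = curl_exec($ch);
    $error  = curl_error($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);

    if ($body === false) {
        throw new RuntimeException("Transport error: $error");
    }
    $json = json_decode($body, true);
    if ($status !== 200 || !is_array($json) || empty($json['access_token'])) {
        // The error body is safe to log; never log the client secret or tokens.
        throw new RuntimeException("Token endpoint returned HTTP $status: $body");
    }
    return $json; // store both access_token and refresh_token
}

// Usage in the callback, with $ccode being the received authorization code:
// $tokens = fitbit_token_request(['grant_type' => 'authorization_code',
//     'code' => $ccode, 'redirect_uri' => REDIRECT_URI]);
```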