Can't get authentication working about fitgem HOT 5 CLOSED

I've been looking into this the past few days and I think I found out a possible reason; check out this post on the Fitbit dev forums which explains a change they made where new credentials are created for a user upon every oauth login flow- if you are storing and reusing the tokens returned by Fitbit but allowing (or forcing) the user to relogin through the OAuth flow then the tokens you have stored may be out of sync with the latest returned by the service.

I'm in the process of testing out this theory on the client application (which is currently broken) and I'll update this issue with more info when I have it.

from fitgem.

Hey Zachery,
Thanks so much for the response and please do keep me posted if you would!
:)

I tried to access the API without re-authorizing but I'm still having the
same issue. I'm wondering if what I'm seeing is related or not?

I noticed when using the API explorer on the FB website, they include stuff
like oauth_signature_method, oauth_timestamp, oauth_nounce, and
oauth_signature. I'm not sure if the oauth gem that your gem uses wraps
this into the call or not?

TIA,
Peter

SUDO Labs | Zuluworks.com | ThreePoint.io | CheckRide.io
"It's a Jungle Up There": www.zuluworks.com http://www.zuluworks.com

Cell: 804.690.5896

On Wed, May 7, 2014 at 1:23 PM, Zachery Moneypenny <[email protected]

wrote:

I've been looking into this the past few days and I think I found out a
possible reason; check out this post on the Fitbit dev forumshttps://groups.google.com/forum/?hl=en&lnk=gcimh#!topic/fitbit-api/Win6-rrD7rcwhich explains a change they made where new credentials are created for a
user upon every oauth login flow- if you are storing and reusing the tokens
returned by Fitbit but allowing (or forcing) the user to relogin through
the OAuth flow then the tokens you have stored may be out of sync with the
latest returned by the service.

I'm in the process of testing out this theory on the client application
(which is currently broken) and I'll update this issue with more info when
I have it.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/28#issuecomment-42456548
.

from fitgem.

I figured out the fix for what I was seeing with the same error in the fitgem-client project (see this issue/commit for more info).

You may want top sniff the request/response to the api.fitbit.com endpoint and compare the oauth user tokens returned by the login redirect to what you're sending with the API request to make sure they match.

from fitgem.

To answer your other question; the oauth library takes care of generating the oauth_signature/nonce, etc.

from fitgem.

Zachery,
Thanks for the follow up. Not sure what was going on for me but I ended up
putting together the raw pieces (Oauth consumer, token, etc.) and invoking
the lower level pieces directly and got it working.

-Peter

SUDO Labs | Zuluworks.com | ThreePoint.io | CheckRide.io
"It's a Jungle Up There": www.zuluworks.com http://www.zuluworks.com

Cell: 804.690.5896

On Thu, May 8, 2014 at 3:57 PM, Zachery Moneypenny <[email protected]

wrote:

To answer your other question; the oauth library takes care of generating
the oauth_signature/nonce, etc.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/28#issuecomment-42598445
.

from fitgem.