How to Use Saved Token To Submit Fitbit API Call

I'm trying to use a previously save token to access fitbit but keep recieving the error "No Authorization header provided in the request. Each call to Fitbit API should be OAuth signed"

Can you please provide an example of how to use previously saved tokens to make an API call?

My current code:
function getProfile(){
$this->client->access_token_secret ="TOKEN_SECRET";
$this->client->access_token="ACCESS_TOKEN";
$parameters = array();
$options = array();
$response ="";
$success = $this->client->CallAPI("http://api.fitbit.com/1/user/-/profile.json", "POST", $parameters,$options,$response);

$success = $this->client->Finalize($success);

error_log(print_r($response,1));
}

You need to call the Initialize function first so the configuration for FitBit is loaded from the configuration file.

Thank you!

I've gotten farther but don't seem to be getting an access token after running Process().

My code currently (I've initialized the client in another place)

function getAccessToken(){

$client = $this->client;
if(($success = $client->Initialize()))
{
if($success = $client->Process()){
error_log(print_r($client,1));

}

}

}

But the error log shows that the client hasn't received the access token. Everything else seems to work, the redirects are working, I'm seeing the fitbit "Authorize Page" I just don't seem to get the actual token. Am I missing something?

Thanks again for your help and great projects.

It is hard to tell without seeing the error log.

Can you set debug to true, enable the error log to go to a file in your php.ini and show what appears in the log file?

Here is an example of the log file it produces (my $client print_r is at the end):

[26-Mar-2015 20:03:30 Europe/Berlin] OAuth client: Checking the OAuth token authorization state
[26-Mar-2015 20:03:30 Europe/Berlin] OAuth client: The OAuth token is not yet authorized
[26-Mar-2015 20:03:30 Europe/Berlin] OAuth client: Checking the OAuth token and verifier
[26-Mar-2015 20:03:30 Europe/Berlin] OAuth client: Reset the OAuth token state because token and verifier are not both set
[26-Mar-2015 20:03:30 Europe/Berlin] OAuth client: Requesting the unauthorized OAuth token
[26-Mar-2015 20:03:30 Europe/Berlin] OAuth client: Accessing the OAuth request token at https://api.fitbit.com/oauth/request_token
[26-Mar-2015 20:03:30 Europe/Berlin] Connecting to api.fitbit.com
[26-Mar-2015 20:03:30 Europe/Berlin] Resolving HTTP server domain "api.fitbit.com"...
[26-Mar-2015 20:03:30 Europe/Berlin] Connecting to HTTP server IP 108.168.254.64 port 443...
[26-Mar-2015 20:03:30 Europe/Berlin] Connected to api.fitbit.com
[26-Mar-2015 20:03:30 Europe/Berlin] C GET /oauth/request_token HTTP/1.1
[26-Mar-2015 20:03:30 Europe/Berlin] C Host: api.fitbit.com
[26-Mar-2015 20:03:30 Europe/Berlin] C User-Agent: PHP-OAuth-API (http://www.phpclasses.org/oauth-api $Revision: 1.133 $)
[26-Mar-2015 20:03:30 Europe/Berlin] C Accept: */*
[26-Mar-2015 20:03:30 Europe/Berlin] C Authorization: OAuth oauth_consumer_key="121c7bd684404a4f8f55a0f7196eacee",oauth_nonce="9259425271c439646663bca69392afb6",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1427396610",oauth_version="1.0",oauth_callback="http%3A%2F%2Flocalhost%3A8888%2Fbmsd%2Fparticipant%2F",oauth_signature="VkDgCi5ospY33fqHGpyayKPkfsM%3D"
[26-Mar-2015 20:03:30 Europe/Berlin] C Connection: Keep-Alive
[26-Mar-2015 20:03:30 Europe/Berlin] C
[26-Mar-2015 20:03:31 Europe/Berlin] S HTTP/1.1 200 OK
[26-Mar-2015 20:03:31 Europe/Berlin] S Server: nginx
[26-Mar-2015 20:03:31 Europe/Berlin] S X-UA-Compatible: IE=edge,chrome=1
[26-Mar-2015 20:03:31 Europe/Berlin] S Expires: Thu, 01 Jan 1970 00:00:00 GMT
[26-Mar-2015 20:03:31 Europe/Berlin] S Cache-control: no-store, no-cache, must-revalidate
[26-Mar-2015 20:03:31 Europe/Berlin] S Pragma: no-cache
[26-Mar-2015 20:03:31 Europe/Berlin] S Set-Cookie: fhttps=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
[26-Mar-2015 20:03:31 Europe/Berlin] S Content-Type: application/x-www-form-urlencoded;charset=UTF-8
[26-Mar-2015 20:03:31 Europe/Berlin] S Content-Language: en-US
[26-Mar-2015 20:03:31 Europe/Berlin] S Content-Length: 126
[26-Mar-2015 20:03:31 Europe/Berlin] S Date: Thu, 26 Mar 2015 19:03:30 GMT
[26-Mar-2015 20:03:31 Europe/Berlin] S
[26-Mar-2015 20:03:31 Europe/Berlin] S oauth_token=20367de6f25b0968fdbaf4b32b9f0237&oauth_token_secret=5c359bf123458cfea57f646c68c7b143&oauth_callback_confirmed=true
[26-Mar-2015 20:03:31 Europe/Berlin] Keeping the connection alive to api.fitbit.com
[26-Mar-2015 20:03:31 Europe/Berlin] OAuth client: Redirecting to OAuth authorize page https://api.fitbit.com/oauth/authorize?oauth_token=20367de6f25b0968fdbaf4b32b9f0237
[26-Mar-2015 20:03:31 Europe/Berlin] oauth_client_class Object
(
[error] =>
[debug] => 1
[debug_http] => 1
[exit] => 1
[debug_output] => OAuth client: Checking the OAuth token authorization state
OAuth client: The OAuth token is not yet authorized
OAuth client: Checking the OAuth token and verifier
OAuth client: Reset the OAuth token state because token and verifier are not both set
OAuth client: Requesting the unauthorized OAuth token
OAuth client: Accessing the OAuth request token at https://api.fitbit.com/oauth/request_token
OAuth client: Redirecting to OAuth authorize page https://api.fitbit.com/oauth/authorize?oauth_token=20367de6f25b0968fdbaf4b32b9f0237

[debug_prefix] => OAuth client:
[server] => Fitbit
[configuration_file] => oauth_configuration.json
[request_token_url] => https://api.fitbit.com/oauth/request_token
[dialog_url] => https://api.fitbit.com/oauth/authorize
[pin_dialog_url] =>
[offline_dialog_url] =>
[pin] =>
[append_state_to_redirect_uri] =>
[access_token_url] => https://api.fitbit.com/oauth/access_token
[oauth_version] => 1.0a
[url_parameters] =>
[authorization_header] => 1
[token_request_method] => GET
[signature_method] => HMAC-SHA1
[redirect_uri] => http://localhost:8888/bmsd/participant/
[client_id] => 121c7bd684404a4f8f55a0f7196eacee
[client_secret] => c768eb66484043899371908da205f028
[api_key] =>
[get_token_with_api_key] =>
[scope] =>
[offline] =>
[access_token] =>
[access_token_secret] =>
[access_token_expiry] =>
[access_token_type] =>
[default_access_token_type] =>
[access_token_parameter] =>
[access_token_response] =>
[store_access_token_response] =>
[access_token_authentication] =>
[refresh_token] =>
[access_token_error] =>
[authorization_error] =>
[response_status] => 200
[oauth_username] =>
[oauth_password] =>
[grant_type] => authorization_code
[http_arguments] => Array
(
)

[oauth_user_agent] => PHP-OAuth-API (http://www.phpclasses.org/oauth-api $Revision: 1.133 $)
[response_time] => 1427396610
)

I've gone back and verified that my proof of concept code is still working, the exact same class is being used here.

Is there something environmental that could cause this? The code is now within a large project but still running from the same local machine.

I've removed the http error log if that makes is easier to diagnose, it seems to hang right here:
[27-Mar-2015 18:00:38 Europe/Berlin] OAuth client: Checking the OAuth token authorization state
[27-Mar-2015 18:00:38 Europe/Berlin] OAuth client: The OAuth access token is not set
[27-Mar-2015 18:00:38 Europe/Berlin] OAuth client: Requesting the unauthorized OAuth token
[27-Mar-2015 18:00:38 Europe/Berlin] OAuth client: Accessing the OAuth request token at https://api.fitbit.com/oauth/request_token
[27-Mar-2015 18:00:39 Europe/Berlin] OAuth client: Redirecting to OAuth authorize page https://api.fitbit.com/oauth/authorize?oauth_token=fb0c5f48a4a80dc2bade3f840b3548c6

I never see anything beyond that despite being successfully redirected to and from fitbit.

The class uses sessions to store token data by default. So it is possible that sessions are not being recorded and so it "forgets" the token data after it is redirected to the OAuth server.

Try dumping the values of $_SESSION before redirecting and after returning.

If the values seem to be lost, you have a problem storing session data in your machine, probably a permissions problem for the Web server user.

Thanks, I'll look into that.

I appreciate the assistance.

-Colin

After Processing() in my $_SESSION I see:

[OAUTH_ACCESS_TOKEN] => Array
(
[https://api.fitbit.com/oauth/access_token] => Array
(
[value] => 60115f98f014f82d4f48ae52845746b0
[secret] => 0f2b5a8f5c62122e0b492abb59e6f4f0
[authorized] =>
)

)

The value for authorized never seems to be set, anything else I should look into?

No, you need to put this in the beginning of your script to check if PHP is holding your session data:

session_start();
error_log('Before '.print_r($_SESSION, 1));

On the first access, it may dump an empty array. Then it redirects to FitBit server. When it redirects back to your script it should dump something like this:

Before Array
(
[OAUTH_ACCESS_TOKEN] => Array
(
[https://api.fitbit.com/oauth/access_token] => Array
(
[value] => some-value
[secret] => some-secret
[authorized] =>
)

)

)