PHP Classes

dynamic parameter on redirect_uri for fitbit

Recommend this page to a friend!

      PHP OAuth Library  >  PHP OAuth Library package blog  >  How to Implement a PH...  >  All threads  >  dynamic parameter on redirect_uri...  >  (Un) Subscribe thread alerts  
Subject:dynamic parameter on redirect_uri...
Summary:dynamic parameter need to be on state parameter for fitbit
Messages:6
Author:Jerome Rigal
Date:2015-10-28 12:21:01
 

  1. dynamic parameter on redirect_uri...   Reply   Report abuse  
Picture of Jerome Rigal Jerome Rigal - 2015-10-28 12:21:01
Hello

To connect to Fitbit with oauth 1.0a, I use this redirect uri :
{MY-REDIRECT-URL}?client_id={NUMBER}&branding={STRING}&date={DATE}

This method doesn't work for oauth2.0 because fitbit doesn't accept pattern for callback URL.
We need to use state parameter for this. Fitbit will append this parameter to the redirect_uri

Source :
community.fitbit.com/t5/Web-API/OAU ...

I'm looking for a solution for that. Do you knoaw how i can do that ?

Thanks a lot.

  2. Re: dynamic parameter on redirect_uri...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2015-10-28 21:57:44 - In reply to message 1 from Jerome Rigal
I am not sure what you mean.

The OAuth class sets the state parameter in the redirect URL when redirecting to the OAuth 2.0 server.

As you may see in oauth_configuration.json it has the format:

fitbit.com/oauth2/authorize?client_ ...

The state parameter is used internally to validate the request when the OAuth server redirects back to your site. The state parameter is not supposed to be set by your value of redirect_uri variable.

Maybe you should enable the debug support, capture the PHP error log and post it here so I can try to see what may be wrong.

  3. Re: dynamic parameter on redirect_uri...   Reply   Report abuse  
Picture of Jerome Rigal Jerome Rigal - 2015-10-29 11:17:17 - In reply to message 2 from Manuel Lemos
Hello,

Here is what I want to use for redirect_uri :
- https://www.mywebsite.com/fitbit/?date=2015-10-29&client_id=138218&branding=1
- https://www.mywebsite.com/fitbit/?date=2015-10-28&client_id=123456&branding=4
- https://www.mywebsite.com/fitbit/?date=2015-10-17&client_id=123456&branding=4

If I use this as callback url on fitbit (Application setting) :
mywebsite.com/fitbit/
It works for Oauth 1.0a.
It doesn't work for Oauth 2.
I have the following message: invalid_request - Invalid redirect_uri parameter value

If I understand the Fitbit forum, they block the use of pattern on redirect_uri for reasons of safety and advise using the STATE parameter for this.

If this isn't possible like this, I'll try an alternative solution using sessions.

  4. Re: dynamic parameter on redirect_uri...   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2015-10-29 19:04:23 - In reply to message 3 from Jerome Rigal
Fitbit does not accept that redirect_uri because it must be exactly what you informed when you created the application.

So it does not allow different URLs, even if the difference is in the URL parameters.

I think you can workaround that using session variables.

  5. Re: dynamic parameter on redirect_uri...   Reply   Report abuse  
Picture of Jerome Rigal Jerome Rigal - 2015-10-30 10:41:04 - In reply to message 4 from Manuel Lemos
Hello,

At first, I didn't want to use session because I need to use cross-domain in my application.

Finally, I added a step invisible for clients in my code to use session. My code works with this solution.

Thank a lot for your contribution.

  6. Re: dynamic parameter on redirect_uri...   Reply   Report abuse  
Picture of peter addy peter addy - 2015-11-30 19:26:07 - In reply to message 5 from Jerome Rigal
Jerome, can you share your code?