Fitbit 2.0 API error

I'm using the login_with_fitbit2.php to retrieve data from Fitbit. I get the Fitbit dialog, confirm it, then the request to the API fails with the error -

Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"errors":[{"errorType":"invalid_request","message":"Authorization header required."}],"success":false}

I do have authorization_header set to 1 and I'm using oAuth 2.0.

Any help is appreciated.

I just tried it and it works well for my test application.

You do not need to set the authorization_header to true, that is the default value.

Can you enable the debug support and paste your PHP error log here so I can have any idea what is wrong with your setup?

Is there a separate error log or just what is dumped to the page?

Here are the page results:
OAuth client error

Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

Thanks

Yes, it is the PHP error log that you need to enable and configure in php.ini.

Here is the just the main debug, let me know if you also need the debug_http. Thanks

[04-Dec-2015 16:25:12 America/Indiana/Indianapolis] OAuth client: Checking if OAuth access token was already retrieved from https://api.fitbit.com/oauth2/token
[04-Dec-2015 16:25:12 America/Indiana/Indianapolis] OAuth client: A valid access token is not available
[04-Dec-2015 16:25:12 America/Indiana/Indianapolis] OAuth client: Checking the authentication state in URI /_api/oauth-api/login_with_fitbit2.php
[04-Dec-2015 16:25:12 America/Indiana/Indianapolis] OAuth client: Redirecting to OAuth Dialog https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=229H35&redirect_uri=https%3A%2F%2Fwww.presidentschallenge.org%2F_api%2Foauth-api%2Flogin_with_fitbit2.php&scope=activity+nutrition+heartrate+location+nutrition+profile+settings+sleep+social+weight&state=1449179444-9c65e9
[04-Dec-2015 16:25:14 America/Indiana/Indianapolis] OAuth client: Checking if OAuth access token was already retrieved from https://api.fitbit.com/oauth2/token
[04-Dec-2015 16:25:14 America/Indiana/Indianapolis] OAuth client: A valid access token is not available
[04-Dec-2015 16:25:14 America/Indiana/Indianapolis] OAuth client: Checking the authentication state in URI /_api/oauth-api/login_with_fitbit2.php?state=1449179444-9c65e9&code=e50a353f129d95a36e26b7217db4b7239e1d5dbb
[04-Dec-2015 16:25:14 America/Indiana/Indianapolis] OAuth client: Checking the authentication code
[04-Dec-2015 16:25:14 America/Indiana/Indianapolis] OAuth client: Accessing the OAuth access token at https://api.fitbit.com/oauth2/token
[04-Dec-2015 16:25:14 America/Indiana/Indianapolis] OAuth client: Could not retrieve the OAuth access token. Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
[04-Dec-2015 16:25:15 America/Indiana/Indianapolis] OAuth client: Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

That is odd. Yes, please enable debug_http so I can see what is being sent to Fitbit when retrieving the token.

Hi Manuel, here is the complete debug. Thanks, Bernie

[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: Checking if OAuth access token was already retrieved from https://api.fitbit.com/oauth2/token
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: A valid access token is not available
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: Checking the authentication state in URI /_api/oauth-api/login_with_fitbit2.php
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: Redirecting to OAuth Dialog https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=229H35&redirect_uri=https%3A%2F%2Fwww.presidentschallenge.org%2F_api%2Foauth-api%2Flogin_with_fitbit2.php&scope=activity+nutrition+heartrate+location+nutrition+profile+settings+sleep+social+weight&state=1449497328-641123
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: Checking if OAuth access token was already retrieved from https://api.fitbit.com/oauth2/token
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: A valid access token is not available
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: Checking the authentication state in URI /_api/oauth-api/login_with_fitbit2.php
[07-Dec-2015 09:08:48 America/Indiana/Indianapolis] OAuth client: Redirecting to OAuth Dialog https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=229H35&redirect_uri=https%3A%2F%2Fwww.presidentschallenge.org%2F_api%2Foauth-api%2Flogin_with_fitbit2.php&scope=activity+nutrition+heartrate+location+nutrition+profile+settings+sleep+social+weight&state=1449497328-641123
[07-Dec-2015 09:08:56 America/Indiana/Indianapolis] OAuth client: Checking if OAuth access token was already retrieved from https://api.fitbit.com/oauth2/token
[07-Dec-2015 09:08:56 America/Indiana/Indianapolis] OAuth client: A valid access token is not available
[07-Dec-2015 09:08:56 America/Indiana/Indianapolis] OAuth client: Checking the authentication state in URI /_api/oauth-api/login_with_fitbit2.php?state=1449497328-641123&code=4f6982ac8abd02b56859848b19608cbc00d4ff95
[07-Dec-2015 09:08:56 America/Indiana/Indianapolis] OAuth client: Redirecting to OAuth Dialog https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=229H35&redirect_uri=https%3A%2F%2Fwww.presidentschallenge.org%2F_api%2Foauth-api%2Flogin_with_fitbit2.php&scope=activity+nutrition+heartrate+location+nutrition+profile+settings+sleep+social+weight&state=1449179444-9c65e9
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: Checking if OAuth access token was already retrieved from https://api.fitbit.com/oauth2/token
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: A valid access token is not available
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: Checking the authentication state in URI /_api/oauth-api/login_with_fitbit2.php?state=1449179444-9c65e9&code=60148f57a677c54ca12d03374bd78f9a05966d4e
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: Checking the authentication code
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: Accessing the OAuth access token at https://api.fitbit.com/oauth2/token
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] Connecting to api.fitbit.com
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] Resolving HTTP server domain "api.fitbit.com"...
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] Connecting to HTTP server IP 104.16.65.50 port 443...
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] Connected to api.fitbit.com
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C POST /oauth2/token HTTP/1.1
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C Host: api.fitbit.com
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C User-Agent: PHP-OAuth-API (http://www.phpclasses.org/oauth-api $Revision: 1.142 $)
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C Accept: */*
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C Connection: Keep-Alive
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C Content-Type: application/x-www-form-urlencoded
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C Content-Length: 238
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] C code=60148f57a677c54ca12d03374bd78f9a05966d4e&redirect_uri=https%3A%2F%2Fwww.presidentschallenge.org%2F_api%2Foauth-api%2Flogin_with_fitbit2.php&grant_type=authorization_code&client_id=229H35&client_secret=388da54026ca4d60a7cf366e255549d0
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S HTTP/1.1 401 Unauthorized
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Server: cloudflare-nginx
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Date: Mon, 07 Dec 2015 14:09:08 GMT
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Content-Type: application/json;charset=UTF-8
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Transfer-Encoding: chunked
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Connection: keep-alive
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Set-Cookie: __cfduid=db1354798e1861b626f41a34cbcd8b11c1449497348; expires=Tue, 06-Dec-16 14:09:08 GMT; path=/; domain=.fitbit.com; HttpOnly
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S X-UA-Compatible: IE=edge,chrome=1
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Expires: Thu, 01 Jan 1970 00:00:00 GMT
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Cache-control: no-cache, must-revalidate
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Pragma: no-cache
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S WWW-Authenticate: Bearer realm="api.fitbit.com"
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Content-Language: en-US
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S Vary: Accept-Encoding
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S X-Frame-Options: SAMEORIGIN
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S CF-RAY: 2510ce7d5b6810ed-ORD
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S d2
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S {"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S 0
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] S
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] Keeping the connection alive to api.fitbit.com
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: Could not retrieve the OAuth access token. Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
[07-Dec-2015 09:09:08 America/Indiana/Indianapolis] OAuth client: Error: it was not possible to access the OAuth access token: it was returned an unexpected response status 401 Response: {"errors":[{"errorType":"invalid_request","message":"Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

There seems to be missing the Authorization Basic header.

Are you setting the server variable to "Fitbit2" ?

Oh my gosh, found the problem. I had assumed I needed to add a Fitbit2 server definition section to the oauth_client.php where the other vendors are. I commented that out and it works great!

Thanks so much for your help! Bernie