PHP Classes

Fitbit - Revoke Token

Recommend this page to a friend!

      PHP OAuth Library  >  PHP OAuth Library package blog  >  How to Implement a PH...  >  All threads  >  Fitbit - Revoke Token  >  (Un) Subscribe thread alerts  
Subject:Fitbit - Revoke Token
Summary:Struggling to work out how to revoke a Fitbit token
Messages:5
Author:John Godsland
Date:2016-09-05 11:16:21
 

  1. Fitbit - Revoke Token   Reply   Report abuse  
Picture of John Godsland John Godsland - 2016-09-05 11:16:21
I am struggling to understand how to revoke a token with Fitbit using OAuth 2.0.

All other API requests work fine but Revoke gives me an error from Fitbit of "Access token invalid". I note from the Fitbit API documentation that Revoke has to have the Authorization header set to 'Basic', then a space, then the BASE64 encoded client ID and token so I have set AccessTokenAuthentication to 'basic' in the options for SendAPIRequest().

Anything else I am missing that I need to set?

Any and all help welcome because I am stumped!

  2. Re: Fitbit - Revoke Token   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2016-09-06 04:25:17 - In reply to message 1 from John Godsland
It seems FitBit documentation is confusing or at least incomplete. Application only requests like that require that you obtain first a token using grant_type client_credentials.

$token = 'some token';
$client->access_token = '';
if(($success = $client->Initialize()))
{
$client->grant_type = 'client_credentials';
if(($success = $client->Process()))
{
if(strlen($client->access_token))
{
$success = $client->CallAPI(
'https://api.fitbit.com/oauth2/revoke',
'POST', array('token'=>$token),
array('FailOnAccessError'=>true), $result);
}
}
$success = $client->Finalize($success);
}

Anyway, it can also revoke a previously retrieved token like this:

$token = 'some token';
$client->access_token = $token;
$success = $client->CallAPI(
'https://api.fitbit.com/oauth2/revoke',
'POST', array('token'=>$client->access_token),
array('FailOnAccessError'=>true), $result);

  3. Re: Fitbit - Revoke Token   Reply   Report abuse  
Picture of John Godsland John Godsland - 2016-09-06 10:51:23 - In reply to message 1 from John Godsland
Wow! Thanks so much for the help - and the great object - it's now working.

Having said that, I ran into an odd problem in http_class. I kept getting an "undefined offset" warning on line 1199 in the SendRequest() method.

Further analysis showed that if an element in the $values array was an array with text keys rather than numeric, the code would fail.

I changed the "for" on line 1195 to a "foreach" and with some other minor changes this resolved the issue.

My revised code is:

if(GetType($values[$k])=="array")
{
$v = 0;
foreach ($values[$k] as $key=>$val)
{
if($value+$v>0)
$this->request_body.="&";
$this->request_body.=UrlEncode($k)."=".UrlEncode($values[$k][$key]);
++$v;
}
}
else
{
if($value>0)
$this->request_body.="&";
$this->request_body.=UrlEncode($k)."=".UrlEncode($values[$k]);
}

Hope that helps!

  4. Re: Fitbit - Revoke Token   Reply   Report abuse  
Picture of Manuel Lemos Manuel Lemos - 2016-09-06 18:59:36 - In reply to message 3 from John Godsland
Are you using the latest version of the HTTP class?

If so, can you provide an example of call so I can try to reproduce the problem?

  5. Re: Fitbit - Revoke Token   Reply   Report abuse  
Picture of John Godsland John Godsland - 2016-09-07 09:06:51 - In reply to message 4 from Manuel Lemos
I'm sorry, the error was mine.

As part of my application stack I store the token as a serialised array in a database. That includes the token data such as expiry date and refresh token. I was passing that array to CallAPI() as a parameter so the HTTP client was having to unpack it when it should not need to. I've modified my code to just pass the actual token and it now works fine with an unmodified version of the HTTP client.

Thanks so much for your help and apologies for the confusion.