-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Oauth2.0_token() does not work servers requiring client credentials in the header. #288
Comments
Please provide a reproducible example. |
Hadly, The documentation says that as_header determines weather the oauth is I don't have definitive evidence that oauth2.0_token passes client Let me know if you know a way to definitively prove. I'll be happy to Thanks
|
If you don't want to look at the source, start by providing a reproducible example. |
I also have a problem accessing the fitbit api. I've looked at the https requests in Fiddler and can confirm that the request to obtain the access token by The request for the token is made by # Use authorisation code to get (temporary) access token
req <- POST(endpoint$access, encode = "form",
body = list(
client_id = app$key,
client_secret = app$secret,
redirect_uri = redirect_uri,
grant_type = "authorization_code",
code = code)) Adding authentication to the # Use authorisation code to get (temporary) access token
req <- POST(endpoint$access, encode = "form",
body = list(
client_id = app$key,
redirect_uri = redirect_uri,
grant_type = "authorization_code",
code = code),
authenticate(app$key, app$secret)) |
@grahamrp that's rather non-standard, but I'd accept a pull request if you wanted to add that as an option. |
Hi all, Hopefully you'll see this (soon, since reproducible example => API key, which I'll revoke later), but running into problems connecting to FitBit's API. Initially, the app's
AND Chrome's "This site can't be reached" error. On troubleshooting, I thought it might have to do with security certificates, but Chrome tells me that the certificate is both valid and trusted. So am not quite sure what to do. Removing the s (in the https) from the
But results in
Thanks!
|
It's unlikely to be an issue with httr. Try posting over at the fitbit community. |
Hello,
I shows me this error: Error in oauth2.0_access_token(api, app, "MY CODE") : any idea why is this? |
httr's oauth2 works fine with google or gibhub. But it does not work with fitbit. Fitbit requires the client crdentials in the "Authorization" header and oauth2.0_token() seems to pass them as parameters rather than in the header. According to oauth2.0 rfc section 2.3.1, supporting the authorization header is a MUST for the server while supporting them as parameters is a MAY. As such, it would be better/safer for client to pass the client id/secret in the header when requesting the access token.
The text was updated successfully, but these errors were encountered: