Can't get authentication working #28

Closed
pbraswell opened this issue May 7, 2014 · 5 comments

@pbraswell

Hi,
Thanks so much for putting this gem out there. I'm trying to integrate with the FB api and your work has made it much simpler!

I'm having the following issue. The initial oauth authentication seems to be working just fine. I receive and store the oauth token and secret with the user when they authorize my app. Setting up your client seems to go smoothly, however when I invoke one of the API methods, I get the following. What am I doing wrong?:

=> {"errors"=>
[{"errorType"=>"oauth",
"fieldName"=>"oauth_access_token",
"message"=>
"Invalid signature or token '/WXdJVXivN3OuIXl16I7ZOAHpUQ=' or token '76db9d2bf0201e0d6f91f302d5a118e4'"}],
"success"=>false}

@whazzmaster
Owner

I've been looking into this the past few days and I think I found out a possible reason; check out this post on the Fitbit dev forums (https://groups.google.com/forum/?hl=en&lnk=gcimh#!topic/fitbit-api/Win6-rrD7rc) which explains a change they made where new credentials are created for a user upon every oauth login flow - if you are storing and reusing the tokens returned by Fitbit but allowing (or forcing) the user to relogin through the OAuth flow then the tokens you have stored may be out of sync with the latest returned by the service.

I'm in the process of testing out this theory on the client application (which is currently broken) and I'll update this issue with more info when I have it.

@pbraswell
Author

Hey Zachery,
Thanks so much for the response and please do keep me posted if you would!
:)

I tried to access the API without re-authorizing but I'm still having the
same issue. I'm wondering if what I'm seeing is related or not?

I noticed when using the API explorer on the FB website, they include stuff
like oauth_signature_method, oauth_timestamp, oauth_nonce, and
oauth_signature. I'm not sure if the oauth gem that your gem uses wraps
this into the call or not?

TIA,
Peter



@whazzmaster
Owner

I figured out the fix for what I was seeing with the same error in the fitgem-client project (see this issue/commit for more info).

You may want to sniff the request/response to the api.fitbit.com endpoint and compare the oauth user tokens returned by the login redirect to what you're sending with the API request to make sure they match.

@whazzmaster
Owner

To answer your other question; the oauth library takes care of generating the oauth_signature/nonce, etc.
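
An added example, not part of the thread and not the gem's or the oauth library's code: a standard-library sketch of the OAuth 1.0 HMAC-SHA1 signature (RFC 5849) that the library computes for each request, showing why a token secret saved before a later login no longer verifies. The resource URL, keys and secrets are constructed sample values, and it assumes the service recomputes the signature with the secret it currently has on record.

```ruby
require "openssl"
require "base64"

# RFC 5849 percent-encoding: escape every byte outside the unreserved set.
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameters.
def signature_base(http_method, url, params)
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort.map { |k, v| "#{k}=#{v}" }.join("&")
  [http_method.upcase, pct(url), pct(normalized)].join("&")
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret", then base64.
def sign(http_method, url, params, consumer_secret, token_secret)
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  Base64.strict_encode64(OpenSSL::HMAC.digest("SHA1", key, signature_base(http_method, url, params)))
end

# Length check plus XOR accumulation, so the comparison does not exit early.
def same?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# What the service does: recompute with the secret it has on record now.
def server_accepts?(http_method, url, params, sent_signature, consumer_secret, secret_on_record)
  same?(sign(http_method, url, params, consumer_secret, secret_on_record), sent_signature)
end

# Constructed sample values (not real credentials, not taken from the issue).
RESOURCE_URL    = "https://api.fitbit.com/1/user/-/profile.json" # assumed sample resource
CONSUMER_SECRET = "sample-consumer-secret"
STALE_SECRET    = "secret-saved-at-first-login"
CURRENT_SECRET  = "secret-issued-at-latest-login"
PARAMS = {
  "oauth_consumer_key"     => "sample-consumer-key",
  "oauth_token"            => "sample-user-token",
  "oauth_nonce"            => "c0ffee1234",
  "oauth_timestamp"        => "1399500000",
  "oauth_signature_method" => "HMAC-SHA1",
  "oauth_version"          => "1.0"
}.freeze

if __FILE__ == $PROGRAM_NAME
  stale = sign("GET", RESOURCE_URL, PARAMS, CONSUMER_SECRET, STALE_SECRET)
  fresh = sign("GET", RESOURCE_URL, PARAMS, CONSUMER_SECRET, CURRENT_SECRET)
  puts "stale secret accepted?   #{server_accepts?('GET', RESOURCE_URL, PARAMS, stale, CONSUMER_SECRET, CURRENT_SECRET)}"
  puts "current secret accepted? #{server_accepts?('GET', RESOURCE_URL, PARAMS, fresh, CONSUMER_SECRET, CURRENT_SECRET)}"
end
```

The token secret never travels with the request, so the captured `oauth_token` is the value to compare against what the login redirect returned; a signature mismatch alone does not say which credential is stale.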

@pbraswell
Author

Zachery,
Thanks for the follow up. Not sure what was going on for me but I ended up
putting together the raw pieces (Oauth consumer, token, etc.) and invoking
the lower level pieces directly and got it working.

-Peter


