Oauth2 with Fitbit

loop · wrote on 10 Aug 2017, 16:15

I'm trying to create an application which will be able to read data from Fitbit Activity Trackers through the fitbit.com API. Unfortunately I'm unable to get the Authorization to work. I read through the Google API example here on the qt site and also checked out the reddit and twitter examples. I got the Authorization Code Flow to work until the callback but then the Debug Message "No received data" is output. This is somewhat strange because if I check the authorizationCallbackReceived signal, the data for code and state is present but the QOAuth2AuthorizationCodeFlow will never reach the granted state but will issue the message as described above instead. Debugging is somewhat limited as the behavior is hidden by the class. However reading the source code of the qoauthreplyhandler in charge of the action (see https://code.woboq.org/qt5/qtnetworkauth/src/oauth/qoauthoobreplyhandler.cpp.html) reveals that the reply seems to be empty. Any thought why QOAuth2AuthorizationCodeFlow is unable to proceed the Authorization after the callback is received or how this further can be debugged?

Code used:

    auto replyHandler = new QOAuthHttpServerReplyHandler(5021,this);
    replyHandler->setCallbackPath(QString("/cb"));

    fitbitAuth.setScope("activity");
    connect(&fitbitAuth, &QOAuth2AuthorizationCodeFlow::authorizeWithBrowser, &QDesktopServices::openUrl);
    fitbitAuth.setAuthorizationUrl(authUri);
    fitbitAuth.setClientIdentifier(clientId);
    fitbitAuth.setAccessTokenUrl(tokenUri);
    fitbitAuth.setClientIdentifierSharedKey(clientSecret);

    fitbitAuth.setReplyHandler(replyHandler);
    connect(&fitbitAuth,&QOAuth2AuthorizationCodeFlow::granted,this,&fitbitDownloader::getActivitiesList);
    connect(&fitbitAuth,&QOAuth2AuthorizationCodeFlow::authorizationCallbackReceived,this,&fitbitDownloader::callbackReceiver);
    connect(&fitbitAuth,&QOAuth2AuthorizationCodeFlow::error,this,&fitbitDownloader::error);
    connect(replyHandler,QOAuthHttpServerReplyHandler::replyDataReceived, this, &fitbitDownloader::networkReplyDataReceived);
    fitbitAuth.grant();

As one can see from the code used fitbitDownloader::callbackReceiver is called and this is where I checked that information for code and state required to perform the next step (send authorization code to get the access token and refresh token) are present in the QVariantMap provided by the signal connected to it.

Any help is greatly appreciated.

loop · wrote on 11 Aug 2017, 18:10

Found the error. I specified a wrong URL for the tokenUri (I had an additional / at the end). However now it fails with "QOAuthOobReplyHandler::networkReplyFinished: Host requires authentication" which again leaves me with very little debugging possibilities. Anyone an idea what's wrong?

loop · wrote on 13 Aug 2017, 15:37

I finally was able to solve the problem. It seems that QOAuth2AuthorizationCodeFlow does not add an Authentication header when requesting the access token. Therefore also the failure message "host requires authentication" was issued. Unfortunately I do not see a possibility to change the access token request that is issued by QOAuth2AuthenticationCodeFlow such that the implementation of this specific Web API will not work seamlessly with this class.