Fitbit API OAuth 1.0a from Titanium (Appcelerator)

Question

I am using Titanium (Appcelerator) to connect to Fitbit API. (http://www.appcelerator.com)

I have been facing issues of getting "Invalid Signature" when I am trying to request for token.

I'm using HTTPClient from Titanium.Network.HTTPClient class to send the HTTP Request. I also uses the oauth-1.0a.js library from https://github.com/ddo/oauth-1.0a to assist in getting the nonce and signature value.

Here is the code:

Ti.include('/oauth/ddo/hmac-sha1.js');
Ti.include('/oauth/ddo/enc-base64-min.js');
Ti.include('/oauth/ddo/oauth-1.0a.js');

function FitBitAuth() {
    FitBitAuth.signatureMethod = "HMAC-SHA1";
    FitBitAuth.clientKey = 'XXXXXXXXXXXXXXXXXXXXXXXXX';
    FitBitAuth.clientSecret = 'XXXXXXXXXXXXXXXXXXXXXXXXXX';
    FitBitAuth.nonce = "R@nD0m_$tR!nGss";
    FitBitAuth.request_token_url = "https://api.fitbit.com/oauth/request_token";
    FitBitAuth.callback_url = "http://www.fitbit.com";
}

FitBitAuth.prototype.createConsumerTokenSecretPair = function() {
    return OAuth({
        consumer : {
            public : FitBitAuth.clientKey,
            secret : FitBitAuth.clientSecret
        },
        signature_method : FitBitAuth.signatureMethod
    });
};

FitBitAuth.prototype.getRequestTokenRequestData = function() {
        return {
        url : "https://api.fitbit.com/oauth/request_token",
        method : 'POST'
    };
};

FitBitAuth.prototype.requestToken = function() {
    var oauth = this.createConsumerTokenSecretPair();
    var request_data = this.getRequestTokenRequestData();
    var authorized_request = oauth.authorize(request_data, '', FitBitAuth.nonce, FitBitAuth.timestamp);
    //alert(authorized_request);
    return authorized_request;
};

function auth1a() {
    var fb = new FitBitAuth();
    var rt = fb.requestToken();
    var req = Ti.Network.createHTTPClient();
    req.open("POST", FitBitAuth.request_token_url);
    req.setRequestHeader('Authorization', 'OAuth oauth_consumer_key="'+FitBitAuth.clientKey+'"');
    Ti.API.info(rt);
    req.send({
        oauth_timestamp : rt.oauth_timestamp,
        oauth_nonce : rt.oauth_nonce,
        oauth_signature : encodeURIComponent(rt.oauth_signature),
        oauth_signature_method: rt.oauth_signature_method,
        oauth_callback : encodeURIComponent(FitBitAuth.callback_url),
        oauth_version : rt.oauth_version
    });

    req.onload = function() {
        var json = this.responseText;
        Ti.API.info("HEADER =====================");
        Ti.API.info(req.getAllResponseHeaders());
        Ti.API.info("END HEADER =================");
        Ti.API.info(json);
        var response = JSON.parse(json);
        //alert(response);
    };
}

I have also tried the Fitbit API Debug tool to assist me in getting all the signature right, in fact the signature and base String do match with the one shown by Fitbit API Debug Tool.

However, I keep getting this Invalid Signature, a sample JSON return is shown below:

{"errors":[{"errorType":"oauth","fieldName":"oauth_signature","message":"Invalid signature: rN**ahem**SGJmFwHp6C38%2F3rMKEe6ZM%3D"}],"success":false}

I have also already tested to do the curl way and it works from Terminal, but to no avail it does not give me a success from Titanium.

Any help is appreciated.

Answer 1

I manage to solve it.

I tried to use another way of inserting the parameters through the header.

Such that the setRequestHeader will look like this:

req.setRequestHeader('Authorization', 'OAuth oauth_consumer_key="'+FitBitAuth.clientKey+'", oauth_nonce="'+rt.oauth_nonce+'", oauth_signature="'+rt.oauth_signature+'",...');

Alternatively, we can also use the built in toHeader feature of the oauth library that I'm using:

oauth.toHeader(oauth_data);

The code above will produce the oauth data in key-value pair.

{
    'Authorization' : 'OAuth oauth_consumer_key="xxxxxxxxxxxxx"&oauth_nonce="xxxxxx"&...
}

So instead of the long code for setRequestHeader, we can make use of the value of toHeader, code shown below:

req.setRequestHeader('Authorization', oauth.toHeader(oauth_data).Authorization);

Do note that the return result by fitbit is in plaintext.

auth_token=xxxxxxxx&auth_token_secret=xxxxxxxxx&...