Federico Stella

Reputation: 3

Fitbit access token Implicit Grant Flow

I'm developing a web application (in Java with the Spark Java framework) that allows the user to retrieve information from his activities stored in Fitbit. To do this I'm using the Implicit Grant Flow to obtain the access token, but I don't know how to retrieve it from the redirect URL (it's something like "http://localhost:4567/oauth"). Do I have to do this client side, or can I retrieve it server side? If I try to retrieve it (the URL with the access token, on the Java side) with request.url() or request.raw().getRequestURI(), I get only the URL without the fragment containing the access token. For example, after the authorization Fitbit redirects me to a URL like http://localhost:4567/oauth#access_token=xxxxxxxxxxxxxxxxxxxxx and I can't retrieve the part after the "#" that contains what I need. Thanks for the help and sorry for my English.

Upvotes: 0

Views: 514

Answers (1)

Ján Halaša

Reputation: 8421

If you want your backend to get the access token, you should use the Authorization code grant flow, not the implicit flow. The implicit flow uses the hash part of the redirect URL (behind #) to transfer the token, which stays in the browser and doesn't get to the backend. With the Auth code grant flow, you get a code as a query param, so you can easily read it using the Java Servlet API or some Spark API built on top of it. Then you need to exchange the grant code for an access token using the OAuth2 /token endpoint.

Upvotes: 0
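As an added example (not code from the question or the answer), here is what the answer describes in Spark Java: a /login route that starts the Authorization Code flow with a random state value tied to the session, and the /oauth callback that checks the state, reads the code query parameter, and exchanges it server-to-server at the token endpoint. The Fitbit endpoint URLs and the activity scope are from Fitbit's OAuth 2.0 docs as I recall them, and the client credentials are placeholders; treat all of these as assumptions.

```java
import static spark.Spark.get;
import static spark.Spark.halt;
import java.net.*;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class FitbitAuthCodeExample {
    // Placeholder credentials (assumption); real values come from the Fitbit developer console.
    static final String CLIENT_ID = "YOUR_CLIENT_ID", CLIENT_SECRET = "YOUR_CLIENT_SECRET";
    static final String REDIRECT_URI = "http://localhost:4567/oauth";
    // Fitbit endpoints as recalled from its OAuth 2.0 docs (assumption).
    static final String AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize",
                        TOKEN_URL = "https://api.fitbit.com/oauth2/token";
    static final SecureRandom RNG = new SecureRandom();

    public static void main(String[] args) {
        // Step 1: send the browser to Fitbit with response_type=code and a random state bound to the session.
        get("/login", (req, res) -> {
            byte[] buf = new byte[16]; RNG.nextBytes(buf);
            String state = Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
            req.session(true).attribute("oauth_state", state);
            res.redirect(AUTHORIZE_URL + "?response_type=code&client_id=" + enc(CLIENT_ID)
                + "&redirect_uri=" + enc(REDIRECT_URI) + "&scope=activity&state=" + enc(state));
            return null;
        });
        // Step 2: the code comes back as a query parameter, so the backend can read it (unlike a #fragment).
        get("/oauth", (req, res) -> {
            String expected = req.session().attribute("oauth_state");
            // Reject callbacks that this session never started (CSRF on the redirect URI).
            if (expected == null || !expected.equals(req.queryParams("state"))) halt(400, "state mismatch");
            String code = req.queryParams("code");
            if (code == null) halt(400, "missing code");
            return exchangeCode(code); // JSON containing access_token, refresh_token, expires_in
        });
    }

    // Step 3: swap the one-time code for tokens; the client secret never reaches the browser.
    static String exchangeCode(String code) throws Exception {
        String basic = Base64.getEncoder().encodeToString(
            (CLIENT_ID + ":" + CLIENT_SECRET).getBytes(StandardCharsets.UTF_8));
        String body = "grant_type=authorization_code&client_id=" + enc(CLIENT_ID)
            + "&redirect_uri=" + enc(REDIRECT_URI) + "&code=" + enc(code);
        HttpRequest request = HttpRequest.newBuilder(URI.create(TOKEN_URL))
            .header("Authorization", "Basic " + basic)
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(body)).build();
        HttpResponse<String> resp = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) throw new IllegalStateException("token request failed: " + resp.body());
        return resp.body();
    }

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
}
```

The token response should be stored server side against the user's session rather than echoed to the browser as this demo route does.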
