Need help with complicted Oauth process

I am trying to write ST device code for fitbit api.
https://www.fitbit.com/dev/dev

I am having trouble translating their OAuth instructions into usable groovy code.

They have an OAuth tutorial Page which I am able to complete and have full access for my ST app.
https://dev.fitbit.com/apps/oauthtutorialpage

Step G tests the API request and works fine for me. But I can’t for the life of me figure out how to generate the “Signature” for step G.

I asked in the fitbit forums but they pointed me to scribe-java or oauth-signpost libraries and I still can’t figure out how these translate to ST groovy device code.

I found some posts from @geko about OAuth but it seems to be a less complicated implementation. Fitbit has a very complicated handshake.

I did manage to get OAuth working for my enlighten Solar System so I know I can work with the simpler implementation but fitbit is very secure.

It is looking for this

http://tools.ietf.org/html/rfc5849#section-3.4

As described here

https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API#OAuthAuthenticationintheFitbitAPI-TheOAuthFlow

oauth_signature is returned from a POST /oauth/access_token

please post your fitbit app when you get it working!

Any tips on translating this into Groovy Code ? I am new to Groovy so not too sure what I need to do. I found the fitbit docs but they don’t have much in the way of sample code.

Is there a groovy library that I can use to generate this signature ?

I found this http://groovy.codehaus.org/modules/http-builder/doc/auth.html

So I dropped the code into my driver along with an import of
import oauth.signpost.*;

but I get the following when I try to save

org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed:
script14256159878791956698891.groovy: 83: unable to resolve class OAuthConsumer 
@ line 83, column 20.
OAuthConsumer consumer = new DefaultOAuthConsumer(
^

script14256159878791956698891.groovy: 83: unable to resolve class DefaultOAuthConsumer 
@ line 83, column 31.
OAuthConsumer consumer = new DefaultOAuthConsumer(
^

script14256159878791956698891.groovy: 89: unable to resolve class OAuthProvider 
@ line 89, column 23.
OAuthProvider provider = new DefaultOAuthProvider(
^

script14256159878791956698891.groovy: 89: unable to resolve class DefaultOAuthProvider 
@ line 89, column 34.
OAuthProvider provider = new DefaultOAuthProvider(
^

4 errors

But These should have been defined from the import.

For example OAuthConsumer
http://mttkay.github.io/signpost/signpost-core-apidocs/oauth/signpost/package-summary.html

So I am not sure if imports don’t work in the ide or if I have some other issue.

I am starting to think the ST can’t support OAuth 1.0. I have tried to import the libraries I need but can’t seem to figure out how to do an import. Using @Grab doesn’t work and straight imports don’t seem to work. Feel like I am working in the dark here too many much is new to me so I don’t know what is me doing things wrong and what is limited by the ide.

1 Like

Digging a little further I have learned that ST supports OAuth 2 not OAuth 1.0 and libraries can not be imported. So looks like for now I need to wait for Fitbit to upgrade to OAuth 2 or try to write some type of relay service or something…I think I will wait.

@isriam if I get a device working I will post it back to the community. What would you want to be using it for ? Just so I have an idea of what the device should support.
I was planning on having it report my weight so I could have ST nag me if i start gaining :smile:

Given that OAuth sits on top of HTTP, I would imagine that this wouldn’t be hard to implement; even if to hack.

Is the source code saved anywhere where I could have a look? I had to teach myself how to make Lockitron OAuth work, so since that is still a little fresh-ish in my head I’d love to look.

I really want sleep event support!

Yeah, just need a capture of the traffic back and forth and should be able to spoof the oauth 1 token process.

Capture it where ? I would consider writing this but don’t want to maintain a server just for this purpose. Any ideas ?

Well, most browsers have developer tools typical f12 to access. They usually have a network tab that logs the requests and responses between the server and browser.

From those interactions one can reverse the browser interaction with user and server and then recreate it in a smart app using the httpget/post/put functions and getting the responses and session and cookies to get at whatever data the browser presents.

:airplane:
:man:
That just flew over my head :smile:
Just kidding… I get what your saying but I think I will wait for fitbit to support OAuth 2

Well, my offer is still there. :slight_smile:

What’s the offer ?

What source code are you looking for ? I have device code I started but since the oauth stuff fails it doesn’t work. I am more then willing to share if that is what you are looking for.
The code is very “WRONG” so you might be better off starting from scratch. But here it is.
https://github.com/gouldner/ST-Projects/blob/master/ST-Devices/src/Fitbit/FitbitDevice.groovy

I also have working OAuth 2 code for another device (Enlighten Solar System API) which I could share if you want to see working code :slight_smile:

The offer was to have a look. :slight_smile: I will do such. Thanks!

I should be able to make sense of this!

My first recommendation is to split the OAuth code out of the Device Type. The general practice is the OAuth/authentication code is built into a Smart App called a Connect app. It basically handles the cloud-to-cloud access, and then a child Device Type represents the individual devices (so, in this case, the trackers and scales and whatnot). Check out my Lockitron code for an idea: https://github.com/dkirker/smartthings-lockitron

1 Like

Hi all. I just gave up on waiting for the UP3 to ever be released and purchased a FitBit Charge HR. I’d love to help with SmartThings integration if no one here has had any luck yet. Let me know what the current status is and I’ll see what I can do.

I am waiting for FitBit to release their OAuth 2.0 public beta access. OAuth 1 doesn’t work with ST. It has been mentioned in this thread that you can probably write an external interface to the OAuth 1 that ST could access but OAuth 2.0 will be much easier to maintain.

Ok, I see the announcement back in January that OAuth 2 support is coming soon. If it doesn’t come soon, I may take a crack at that OAuth 1 interface.

They need to release the OAuth2 for the new devices for heart rate data so I am hoping it will be soon.

1 Like

@obycode Any progress here? My girlfriend was gifted a Charge HR. I’d love to get it integrated somehow.