logical-and / php-oauth

Support for authenticating users (without dep from any framework) using both OAuth1 and OAuth2 methods
https://packagist.org/packages/and/oauth
MIT License

Implement FitBit OAuth authentication flow using Memory storage #37

Closed jhnferraris closed 9 years ago

jhnferraris commented 9 years ago

Anyone who has done the authentication flow of FitBit using Memory storage only? Can you post your workflow here? Thanks!

jhnferraris commented 9 years ago

Finally figured it out. The authentication flow should be broken down into specific parts.

This assumes that $this->service is a FitBit service.

  1. Do `$requestTokenInterface = $this->service->requestRequestToken()`. It should return the temporary token interface that will be used to get the authentication page.
  2. Prior to getting the authentication page, store the temporary oauth token secret somewhere (can be in memcache) and set the temp oauth token as the id.

    $tempOAuthToken       = $requestTokenInterface->getRequestToken();
    $tempOAuthTokenSecret = $requestTokenInterface->getRequestTokenSecret();

    // CMemcache is the poster's own memcache wrapper; it needs `new` to be instantiated
    $cache = new \CMemcache();
    // key = temporary oauth token, value = its secret, TTL = 30 minutes
    $cache->set($tempOAuthToken, $tempOAuthTokenSecret, (60 * 30));
  3. Get the authentication url passing the oauth_token as query parameter.
  4. After the user has authenticated the app to link FitBit, it will return with the temporary oauth token and oauth verifier.
  5. Prior to getting the final access tokens, get the temporary oauth token secret from the cache using the temporary oauth token we obtained earlier as the id. The temporary oauth token secret should be stored in the memory token interface since it will be used to query the final access tokens.
  6. Query the final access tokens and save them in your db if you want to use them in the future.

These steps will help others when they are trying to authenticate an app to use FitBit in a stateless (no session) manner.
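The six steps above span two separate HTTP requests, and with the Memory storage nothing survives between them, which is the whole difficulty. The following is an added example (not code from the original post or from the project) that carries the flow through both requests. It assumes the PHPoAuthLib-style API this library exposes (`OAuth\ServiceFactory`, `OAuth\Common\Consumer\Credentials`, `OAuth\Common\Storage\Memory`, `OAuth\OAuth1\Token\StdOAuth1Token`, `requestRequestToken()`, `getAuthorizationUri()`, `requestAccessToken()`), a hypothetical cache object `$cache` with `get()`, `set()` and `delete()` methods standing in for the poster's memcache, and placeholder consumer credentials and callback URL.

```php
<?php
// Added example: stateless FitBit OAuth1 link flow with Memory storage.
// Assumes PHPoAuthLib-style namespaces and a hypothetical $cache with get/set/delete.

require __DIR__ . '/vendor/autoload.php';

use OAuth\ServiceFactory;
use OAuth\Common\Consumer\Credentials;
use OAuth\Common\Storage\Memory;
use OAuth\OAuth1\Token\StdOAuth1Token;

const TEMP_TOKEN_TTL = 60 * 30; // temporary secret lives 30 minutes, as in the post

function makeFitBitService(Memory $storage)
{
    // Placeholder consumer key/secret; the callback URL is where FitBit sends
    // oauth_token and oauth_verifier back to (step 4).
    $credentials = new Credentials(
        'YOUR_CONSUMER_KEY',
        'YOUR_CONSUMER_SECRET',
        'https://example.com/fitbit/callback'
    );
    $factory = new ServiceFactory();
    return $factory->createService('FitBit', $credentials, $storage);
}

// Request 1 (steps 1-3): obtain a request token, park its secret in the cache
// keyed by the token itself, and return the URL the mobile client must open.
function beginFitBitLink($cache)
{
    $service      = makeFitBitService(new Memory());
    $requestToken = $service->requestRequestToken();

    $tempOAuthToken       = $requestToken->getRequestToken();
    $tempOAuthTokenSecret = $requestToken->getRequestTokenSecret();
    $cache->set($tempOAuthToken, $tempOAuthTokenSecret, TEMP_TOKEN_TTL);

    return (string) $service->getAuthorizationUri(['oauth_token' => $tempOAuthToken]);
}

// Request 2 (steps 5-6): a fresh process, so the Memory storage starts empty.
// Rebuild the request token from the cache before exchanging it, and delete the
// cache entry so the temporary secret can be used exactly once.
function completeFitBitLink($cache, $oauthToken, $oauthVerifier)
{
    $tempOAuthTokenSecret = $cache->get($oauthToken);
    if ($tempOAuthTokenSecret === false || $tempOAuthTokenSecret === null) {
        // Unknown, expired or already-consumed token: refuse rather than guess.
        throw new RuntimeException('Unknown or expired oauth_token in callback');
    }
    $cache->delete($oauthToken);

    $storage = new Memory();
    $service = makeFitBitService($storage);

    // The library signs the access-token request with the token it finds in storage,
    // so the temporary token pair must be put back before calling requestAccessToken().
    $temp = new StdOAuth1Token();
    $temp->setRequestToken($oauthToken);
    $temp->setRequestTokenSecret($tempOAuthTokenSecret);
    $storage->storeAccessToken($service->service(), $temp);

    $accessToken = $service->requestAccessToken($oauthToken, $oauthVerifier, $tempOAuthTokenSecret);

    // These are long-lived credentials: persist them server-side (your DB), never
    // hand them to the mobile client.
    return [
        'access_token'        => $accessToken->getAccessToken(),
        'access_token_secret' => $accessToken->getAccessTokenSecret(),
    ];
}

// Later API calls: rebuild the stored access token into a fresh Memory storage.
function fitBitProfile($accessTokenValue, $accessTokenSecret)
{
    $storage = new Memory();
    $service = makeFitBitService($storage);

    $token = new StdOAuth1Token();
    $token->setAccessToken($accessTokenValue);
    $token->setAccessTokenSecret($accessTokenSecret);
    $storage->storeAccessToken($service->service(), $token);

    return json_decode($service->request('/user/-/profile.json'), true);
}
```

The lookup-then-delete in `completeFitBitLink()` is what makes the cache safe to use as the only state: a callback carrying an `oauth_token` that was never issued, has expired, or was already exchanged fails closed instead of being signed with a missing secret, and the 30-minute TTL bounds how long an abandoned link attempt keeps a secret in memory.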

logical-and commented 9 years ago

Hmm, does it not work for you?

jhnferraris commented 9 years ago

@logical-and That does work when you're authenticating it from a browser. But my suggested flow is for when a consumer has a mobile application and has its own api to use for linking.