orcasgit / python-fitbit

Fitbit API Python Client Implementation

fitbit do not allow callback URLs with http anymore #163

Open BigValen opened 3 years ago

BigValen commented 3 years ago

Fitbit won't allow a new application without a https callback.

Screenshot from 2020-12-11 10-45-37

Probably should switch to https...this worked for me.


diff --git a/gather_keys_oauth2.py b/gather_keys_oauth2.py
index 39a19f8..c021ce1 100755
--- a/gather_keys_oauth2.py
+++ b/gather_keys_oauth2.py
@@ -14,7 +14,7 @@ from oauthlib.oauth2.rfc6749.errors import MismatchingStateError, MissingTokenEr

 class OAuth2Server:
     def __init__(self, client_id, client_secret,
-                 redirect_uri='http://127.0.0.1:8080/'):
+                 redirect_uri='https://localhost:8080/'):
         """ Initialize the FitbitOauth2Client """
         self.success_html = """
             <h1>You are now authorized to access the Fitbit API!</h1>
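
Review bot: the new default on the `redirect_uri=` line changes the host as well as the scheme (`127.0.0.1` becomes `localhost`), while the issue is only about the scheme. The server binds to whatever hostname this value contains, so callers relying on the old default are moved to a different host without notice. Either change only the scheme (`https://127.0.0.1:8080/`) or state in the docstring that the callback registered with Fitbit must now be `https://localhost:8080/`.
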
@@ -42,8 +42,13 @@ class OAuth2Server:

         # Same with redirect_uri hostname and port.
         urlparams = urlparse(self.redirect_uri)
-        cherrypy.config.update({'server.socket_host': urlparams.hostname,
-                                'server.socket_port': urlparams.port})
+        cherrypy.config.update({
+            'server.socket_host': urlparams.hostname,
+            'server.socket_port': urlparams.port,
+            'server.ssl_module': 'builtin',
+            'server.ssl_certificate': 'cert.pem',
+            'server.ssl_private_key': 'privkey.pem'
+            })
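
Review bot: the three `server.ssl_*` keys are set unconditionally, so a caller who passes an `http://` `redirect_uri` still gets a TLS listener, and `'cert.pem'` / `'privkey.pem'` are hard-coded relative paths that resolve against the current working directory. Gate the SSL settings on `urlparams.scheme == 'https'` and take the certificate and key paths as `__init__` parameters with these names as defaults. The patch also does not say how the two files are produced; a short comment or README note is needed next to this block.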

But you also need to run python in an environment with a variable that tells OAUTHLIB to be cool about a bunch of things;

export OAUTHLIB_RELAX_TOKEN_SCOPE=1

guillochon commented 3 years ago

Missing from these instructions is the fact that you need to generate a cert.pem and privkey.pem file using this guide here: https://docs.cherrypy.org/en/3.3.0/progguide/security.html

Also one needs to add the certificate to the keychain and trust it, instructions available here: https://www.ateam-oracle.com/how-to-make-chrome-on-os-x-trust-a-self-signed-certificate

3v1n0 commented 3 years ago

The links are dead but you can generate things quite easily by using:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout privkey.pem -out cert.pem

This is a self-signed certificate, so in the browser (Firefox, for example), when you get the certificate error, you can just go to the advanced toggle to allow this certificate and all will work properly.
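
An added example (not code from this thread or from python-fitbit): one way to build the CherryPy settings shown in the diff so that TLS is enabled only for an https redirect_uri and the certificate and key files are checked before the server starts. `build_server_config` and its parameters are hypothetical names; the config keys and file names are the ones in the patch above.

```python
import os
import stat
from urllib.parse import urlparse


def build_server_config(redirect_uri, cert_path="cert.pem",
                        key_path="privkey.pem"):
    """Return the dict to pass to cherrypy.config.update().

    Hypothetical helper: TLS keys are added only for https redirect URIs.
    """
    url = urlparse(redirect_uri)
    if url.scheme not in ("http", "https"):
        raise ValueError("unsupported redirect_uri scheme: %r" % url.scheme)
    if url.hostname is None or url.port is None:
        raise ValueError("redirect_uri needs an explicit host and port")

    config = {
        "server.socket_host": url.hostname,
        "server.socket_port": url.port,
    }
    if url.scheme == "http":
        return config

    # Fail early with a clear message instead of a TLS error at startup.
    for path in (cert_path, key_path):
        if not os.path.isfile(path):
            raise FileNotFoundError("TLS file not found: %s" % path)

    # 'openssl req -nodes' writes the key unencrypted, so it must not be
    # accessible to group or other users (POSIX permission bits).
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            "%s has mode %o; run: chmod 600 %s" % (key_path, mode, key_path))

    # Absolute paths avoid depending on the current working directory.
    config.update({
        "server.ssl_module": "builtin",
        "server.ssl_certificate": os.path.abspath(cert_path),
        "server.ssl_private_key": os.path.abspath(key_path),
    })
    return config
```

The returned dict is meant to be passed to `cherrypy.config.update()` in place of the literal dict in the patch.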