Closed irl closed 10 years ago
Great point. Thanks for pointing that out, I wasn't aware of the problem.
Some other benefits of moving to oauthlib (and possibly using requests-oauthlib for the internals): This will help simplify the code somewhat. Also, it can help python-fitbit to become Python 3 compatible. As far as I can see, all other dependencies are Python 3 compatible.
If it becomes possible for the library to work with Python 3, I will create a second binary package for Debian with a Python 3 version. Of course, neither version will be usable in Debian until this is fixed.
I've pushed alpha code to use oauthlib instead of the old library, but I want to do some more manual testing before calling it good and closing this issue. If any of you would like to test it yourselves it would be much appreciated.
This is an API breaking update as far as the OAuth API is concerned, but the rest of the python fitbit API remains unchanged. Take a look at gather_keys_cli.py to see the updated and simplified workflow. The biggest change is that the callback_uri needs to be specified in the FitbitOauthClient constructor, rather than the authorize_url function.
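An added example, not code from python-fitbit or oauthlib: in OAuth 1.0a (RFC 5849) the callback is sent as oauth_callback inside the signed request-token request, which is consistent with supplying callback_uri when the client is constructed instead of at the authorize step. The endpoint, keys, nonce and timestamp are constructed values, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    """RFC 5849 section 3.6 percent-encoding (only unreserved characters stay literal)."""
    return quote(str(value), safe="-._~")


def sign_request_token(method, url, consumer_key, consumer_secret,
                       callback_uri, nonce, timestamp):
    """Return the OAuth parameters for a request-token call, including the
    HMAC-SHA1 signature, which covers oauth_callback."""
    params = {
        "oauth_callback": callback_uri,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_version": "1.0",
    }
    # Normalise: encode every name and value, sort, join as name=value pairs.
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params.items()))
    # The URL is assumed to be in base-string form already (no query, default port).
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    # No token secret exists yet at this step, so the key ends with a bare "&".
    key = f"{pct(consumer_secret)}&".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    params["oauth_signature"] = base64.b64encode(digest).decode()
    return params


def verify_request_token(method, url, consumer_secret, received):
    """Server-side check: recompute the signature over the received parameters."""
    expected = sign_request_token(
        method, url, received["oauth_consumer_key"], consumer_secret,
        received["oauth_callback"], received["oauth_nonce"],
        received["oauth_timestamp"])["oauth_signature"]
    return hmac.compare_digest(expected, received["oauth_signature"])


# Constructed sample values, not real Fitbit endpoints or credentials.
URL = "https://api.example.com/oauth/request_token"
SIGNED = sign_request_token("POST", URL, "demo-key", "demo-secret",
                            "https://app.example.com/callback",
                            "constructed-nonce", "1400000000")
TAMPERED = dict(SIGNED, oauth_callback="https://other.example.net/callback")
```

Because the callback is part of the signature base string, a request whose oauth_callback was changed in transit no longer verifies on the server side.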
I tried to use the latest version of the library and it worked for me. I didn't test it thoroughly, but in the next few days I'm going to use the library, and if I discover any bug I'll report it here.
@mariosangiorgio Great! Thanks!
@mariosangiorgio How's it working for you? Any issues?
The development of python-oauth2 stopped dead about 2 years ago.
There are currently two CVEs (security issues) reported for python-oauth2.
https://security-tracker.debian.org/tracker/source-package/python-oauth2
This means that python-fitbit is currently inheriting those security issues.
https://pypi.python.org/pypi/oauthlib would provide a secure alternative, and the upstream development is quite active. This was also the recommended library when I enquired on the debian-python mailing list.