Making a Fitbit API client with scribe-java for OAuth 2.0

Recently Fitbit upgraded its API’s OAuth standard to OAuth 2.0; however, their docs do not strictly follow the OAuth 2.0 standard.

For example, to get the access token, they require a Basic Authorization header on the request, whose value is the Base64-encoded string of your client ID and secret concatenated with a colon (clientId:clientSecret). This is a bit redundant, IMO, as you already need to send your client ID in the body parameters.
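The token request described above, built with the JDK's own java.net.http client (Java 11+) as an added example; it is not code from this post's demo or from scribe-java. Apart from client_id, the body parameters are the standard OAuth 2.0 authorization-code ones and are assumed here, and the endpoint, credentials and code are constructed placeholders.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class FitbitTokenRequestExample {

    // Basic credentials as described above: Base64("clientId:clientSecret").
    static String basicAuthHeader(String clientId, String clientSecret) {
        String pair = clientId + ":" + clientSecret;
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Form-encode the body; every key and value is URL-encoded exactly once.
    static String formBody(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    static HttpRequest tokenRequest(URI tokenEndpoint, String clientId,
                                    String clientSecret, String code, String callback) {
        Map<String, String> body = new LinkedHashMap<>();
        body.put("client_id", clientId);              // sent in the body as well as the header
        body.put("grant_type", "authorization_code"); // assumed: standard OAuth 2.0 parameter
        body.put("code", code);                       // the code delivered to the callback URL
        body.put("redirect_uri", callback);           // same callback as the authorization step
        return HttpRequest.newBuilder(tokenEndpoint)
                .header("Authorization", basicAuthHeader(clientId, clientSecret))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formBody(body)))
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values; the endpoint is a placeholder, not Fitbit's real URL.
        HttpRequest req = tokenRequest(URI.create("https://auth.example.test/oauth2/token"),
                "CONSTRUCTED_ID", "CONSTRUCTED_SECRET", "constructed_code", "http://example.com");
        // Print method and URI only: the Authorization header carries the client secret.
        System.out.println(req.method() + " " + req.uri());
    }
}
```

Base64 is an encoding, not encryption, so the header exposes the client secret to anything that can read the request; send it only over HTTPS and keep it out of logs.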

When I first found out that they use OAuth 2.0, I could not wait to try scribe-java, as it is a great library for OAuth 2.0 clients. However, as Fitbit’s version does not exactly follow the standard, it’s a bit hacky to use scribe-java.

Nevertheless, it’s still quite simple to get the job done (thanks to the excellent work of scribe-java). I have made a simple demo in my GitHub repository. You can just copy two classes, FitbitApi20 and Fitbit20ServiceImpl, and then the setup is super smooth:

final OAuth20Service service = new ServiceBuilder()
        .apiKey(clientId)
        .apiSecret(clientSecret)
        .scope("activity%20profile")     // replace with desired scope
        .callback("http://example.com")  // your callback URL to store and handle the authorization code sent by Fitbit
        .state("some_params")            // use an unguessable per-session value and check it when the callback arrives
        .build(FitbitApi20.instance());

Quite easy, isn’t it?