Android Chrome custom tabs / Fitbit web API won't redirect if app is already authorized. (OAuth2.0)

I intend on creating a third-party Fitbit app for alarm synchronizing.

However, I have encountered some difficulties regarding the registration of my app, more explicitly on getting the access token even though my client is already registered to the app (considering the scenario that a user reinstalls his application).

I'm using Chrome custom tabs (as WebView is prohibited by Fitbit) to request the access token:

String url = "https://www.fitbit.com/oauth2/authorize?" +
        "response_type=token" +
        "&client_id=XXXXXX" +
        "&scope=activity" +
        "&redirect_uri=fitbittester://logincallback";
customTabsIntent.launchUrl(MainActivity.this, Uri.parse(url));

Upon redirecting to the custom scheme defined with an intent-filter:

<activity
    android:name=".TestActivity"
    android:label="TestActivity"
    android:theme="@style/AppTheme.NoActionBar">
    <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="fitbittester" android:host="logincallback" />
    </intent-filter>
</activity>

TestActivity should launch, where I'll get my AccessToken from the given Intent:

public class TestActivity extends AppCompatActivity {

    // Full redirect URI delivered by the VIEW intent.
    String string;

    @Override
    protected void onNewIntent(Intent intent) {
        super.onNewIntent(intent);
        string = intent.getDataString();
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_test);
        Toolbar toolbar = (Toolbar) findViewById(R.id.toolbar);
        setSupportActionBar(toolbar);
        onNewIntent(getIntent());
        if (string == null) {
            return; // started without a redirect URI, nothing to show
        }
        Toast.makeText(TestActivity.this, string, Toast.LENGTH_LONG).show();
        // Testing only: the redirect URI carries the access token, so keep it out of logs in a real build.
        Log.e("TAG", string);
        Log.e("TAG", string.substring(string.indexOf("&access_token") + 14));
    }

}

Everything works fine on the first run (providing the fact that the client is not already authorized), but after that, if I want to get my access token again (I know I should store it locally, SharedPreferences most likely, but this is for testing purposes only), Chrome custom tabs will open and stay on an empty page (apparently it won't properly redirect).

I have read the Fitbit Web API documentation and it says the following: "If an application using the Implicit Grant flow sends a user to the authorization page before the previously issued access token has expired, the user will not be prompted unless the scope has increased. The user will be redirected immediately to the application with an access token."

So my question is whether there is a fault in my thinking about the problem or a Chrome custom tabs fault I should intercept?

Thank you very much in advance.

Buruiană Cătălin asked Nov 19 '15 21:11


1 Answer

I have found a workaround for this problem. Basically, I'm inserting a new parameter ("&prompt=login") into the URL with the query for the Fitbit API. This parameter will prompt the user to log in again every time it queries for the authorization token, logging him out if he is already logged in.

Buruiană Cătălin answered Oct 10 '22 21:10
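
An added example, not part of the original post or of Fitbit's code: plain Java (no Android classes) that builds the authorization URL from the question with the answer's `prompt=login`, then reads `access_token` from the redirect fragment by name rather than by a fixed offset. The `state` round-trip check follows RFC 6749 and is an assumption beyond the post; the class name, helper names and the sample redirect are constructed.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class ImplicitGrantRedirect {
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    // Authorize URL from the question plus prompt=login (the answer's workaround); state is an added assumption.
    static String authorizeUrl(String clientId, String redirectUri, String state) {
        return "https://www.fitbit.com/oauth2/authorize?response_type=token"
                + "&client_id=" + enc(clientId) + "&scope=activity"
                + "&redirect_uri=" + enc(redirectUri)
                + "&prompt=login" + "&state=" + enc(state);
    }
    // Split the URI fragment into key/value pairs, whatever order the server used.
    static Map<String, String> parseFragment(String redirect) {
        Map<String, String> out = new LinkedHashMap<>();
        String fragment = URI.create(redirect).getRawFragment();
        if (fragment == null) return out;
        for (String pair : fragment.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue;
            out.put(URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8),
                    URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
        }
        return out;
    }
    // Token, or null on an error response, a missing token, or a state mismatch.
    static String accessToken(String redirect, String expectedState) {
        Map<String, String> p = parseFragment(redirect);
        if (p.containsKey("error") || !expectedState.equals(p.get("state"))) return null;
        return p.get("access_token");
    }
    public static void main(String[] args) {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        System.out.println(authorizeUrl("XXXXXX", "fitbittester://logincallback", state));
        // Constructed sample redirect; SAMPLE_TOKEN is a placeholder, not a real token.
        String redirect = "fitbittester://logincallback#access_token=SAMPLE_TOKEN"
                + "&token_type=Bearer&expires_in=3600&state=" + state;
        System.out.println(accessToken(redirect, state) != null ? "accepted" : "rejected");
        System.out.println(accessToken(redirect, "wrong") != null ? "accepted" : "rejected");
    }
}
```

In the Android activity the same parsing would be applied to the string returned by `intent.getDataString()`, with the expected `state` kept from the moment the custom tab was launched.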