authentication - Jawbone UP API OAuth and Access Tokens
I have started digging into Jawbone's API today, and everything seems to go fine throughout the authentication process. The problem is that, once I get an access token back, it's always the same token, it doesn't work in any of my requests, and I can't change it with the refresh_token endpoint.
OAuth setup:
    $url_params = array(
        'response_type' => 'code',
        'client_id' => client_id,
        'scope' => array('basic_read', 'extended_read', 'move_read'),
        'redirect_uri' => 'https://my-site.com/up_auth.php',
    );
These parameters get attached to the https://jawbone.com/auth/oauth2/auth URL, and I am sent to Jawbone and prompted as expected. When I accept the authorization I am kicked back to my-site.com as expected, with the code in the URL. I then use the code like so:
    $params = array(
        'client_id' => client_id,
        'client_secret' => app_secret,
        'grant_type' => 'authorization_code',
        'code' => $code,
    );
and attach those parameters to https://jawbone.com/auth/oauth2/token, and I get kicked back to my server with something similar to:
    {
        "access_token": "really_long_string",
        "token_type": "bearer",
        "expires_in": 31536000,
        "refresh_token": "another_really_long_string"
    }
When I use the access_token to try to get a response, like this:
    // Request headers, including the bearer token taken from the request parameters
    $headers = array(
        'host: my-site.rhcloud.com',
        'connection: keep-alive',
        'accept: application/json',
        "authorization: bearer {$_REQUEST['access_token']}",
    );
    // Call the moves endpoint and dump the raw response body
    $ch = curl_init('https://jawbone.com/nudge/api/v.1.1/users/@me/moves');
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $o = curl_exec($ch);
    curl_close($ch);
    var_dump($o);
From the API, this is the response every time:
    {
        "meta": {
            "code": 401,
            "error_detail": "you must logged in perform action",
            "error_type": "authentication_error",
            "message": "unauthorized"
        },
        "data": { }
    }
The token never changes, even in a private browsing session, and even if I refresh using the provided refresh_token and the proper API call - the call succeeds, but Jawbone gives me the same token. If I test the same flow through the Jawbone API console, the bearer token in the request headers is different from the one I get here. Note that I get the same access_token when I attempt the same process with my wife's Jawbone credentials as well.
Finally figured out what was going on and heard back from Jawbone about it. It turns out that they have collisions on the backend if you use the same auth with 2 different clients.
For anyone else who runs into this problem, don't use the same login in 2 different contexts simultaneously, since it will reset auths in weird ways.
In our case, we have test user accounts that are shared between devs, since it is hard to get real data unless you have an actual device. This was causing 'duplicate' logins that made Jawbone's code freak out.
We got confirmation from a Jawbone dev who ran into the same problem when developing an internal app.....