2

I'm following the guide provided here in order to get permanent access to a Withings account via the OAuth protocol. Everything works perfectly until the last part of the second step:

Authorize this token :
... Then the User allows by clicking on "Allow" button and he will be redirected to the callback url you set at the beginning of this step. ...

However, when the user hits Allow, I am not redirected to my callback url. Instead, I am directed to an "Access Granted" Withings page with an oauth_token and an oauth_verifier.

Please help?

The example they have show the following:

> https://oauth.withings.com/account/authorize?

> oauth_callback=http%3A%2F%2Fexample.com%2Fget_access_token
> &oauth_consumer_key=c331c571585e7c518c78656f41582e96fc1c2b926cf77648223dd76424b52b
> &oauth_nonce=369f9ceb2f285ac637c9a7e9e98019bd
> &oauth_signature=OR9J9iEl%2F2yGOXP2wk5c2%2BWtYvU%3D
> &oauth_signature_method=HMAC-SHA1 
> &oauth_timestamp=1311778988
> &oauth_token=5bb105d2292ff43ec9c0f633fee9033045ed4643e9871b80ce586dc1bf945
> &oauth_version=1.0

While my call looks like this:

> https://oauth.withings.com/account/authorize?

> oauth_callback=http%3A%2F%2Fmysite.com
> &oauth_consumer_key=myConsumerKey
> &oauth_nonce=1234 
> &oauth_signature=6mQ5iICsxxJyunjrGlZLMFNbUQA%3D
> &oauth_signature_method=HMAC-SHA1 
> &oauth_timestamp=1376934855
> &oauth_token=myOauthToken
> &oauth_version=1.0

This is my php code:

$callback_uri = rawurlencode("http://www.mysite.com");
$authorization_uri = 
"https://oauth.withings.com/account/authorize?" . 
'oauth_callback=' . $callback_uri . 
'&oauth_consumer_key=' .  $oauth_params['oauth_consumer_key'] .
'&oauth_nonce=' .  $oauth_params['oauth_nonce']  .
'&oauth_signature=' .  rawurlencode($oauth_signature) .
'&oauth_signature_method=' .  $oauth_params['oauth_signature_method'] .
'&oauth_timestamp=' .  $oauth_params['oauth_timestamp'] .
'&' . $token . 
'&oauth_version=' .  $oauth_params['oauth_version'];

header("Location: " . $authorization_uri);
JRam13
  • 1,132
  • 1
  • 15
  • 25

1 Answers1

2

Wow... ok. I finally got this. Took me a while to figure it out.

Apparently, the callback url must be provided at the request Token step (step 1) and not the Authorization step (step 2). So everything above is still correct the way it is.

JRam13
  • 1,132
  • 1
  • 15
  • 25
  • 1
    This helped me. Their example code doesn't work. I had to change "callback_url" to "oauth_callback". I also had to pass it during the request token step in addition to the authorization step. Pretty frustrating to get broken example code from a vendor. – Josh Ribakoff Sep 17 '13 at 18:12
  • you mind highlighting in your answer, the correct usage.. or did you edit your original question to have the correct settings? – Erik Jul 08 '14 at 19:23