
I have started digging into Jawbone's UP API today and everything seems to go fine throughout the authentication process. The problem is that, once I get an access token back, it's always the same token, it doesn't work in any of my requests, and I can't change it with the refresh_token endpoint.

OAuth setup:

$url_params = array(
    'response_type' => 'code',
    'client_id' => CLIENT_ID,
    'scope' => array('basic_read', 'extended_read', 'move_read'),
    'redirect_uri' => 'https://my-site.com/up_auth.php',
);

These are the parameters attached to the https://jawbone.com/auth/oauth2/auth URL and I get sent to Jawbone and prompted as expected. When I accept the authorization I get kicked back to my-site.com as expected with the code in the URL. I then use the code like so:

$params = array(
    'client_id' => CLIENT_ID,
    'client_secret' => APP_SECRET,
    'grant_type' => 'authorization_code',
    'code' => $code,
);

And attach those parameters to https://jawbone.com/auth/oauth2/token and finally get kicked back to my server with something similar to:

{
    "access_token": "REALLY_LONG_STRING",
    "token_type": "Bearer",
    "expires_in": 31536000,
    "refresh_token": "ANOTHER_REALLY_LONG_STRING"
}

When I use access_token to try and get a response like this

$headers = array(
    'Host: my-site.rhcloud.com',
    'Connection: Keep-Alive',
    'Accept: application/json',
    "Authorization: Bearer {$_REQUEST['access_token']}",
);

$ch = curl_init('https://jawbone.com/nudge/api/v.1.1/users/@me/moves');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$o = curl_exec($ch);
curl_close($ch);
var_dump($o);

from the API, this is the response every time:

{
    "meta": {
        "code": 401,
        "error_detail": "You must be logged in to perform that action",
        "error_type": "authentication_error",
        "message": "Unauthorized"
    },
    "data": {

    }
}

The token never changes, even in a private browsing session, and even if I successfully refresh using the provided refresh_token and the proper API call - the call succeeds, but Jawbone gives me back the same token. If I test the same flow through the Jawbone API Console, the Bearer token in the request headers is different from the one I get here. Note that I get the same access_token when I attempt the same process with my wife's Jawbone credentials as well.

phatskat
  • Did you ever figure this out? It's pretty strange - I'm having a similar issue... – ckm Apr 13 '15 at 06:20
  • Unfortunately nothing, which has stalled my development. It's a real bummer, but at this point I'm completely stumped. I did, however, earn the Tumbleweed badge for this question, so I've got that going for me, which is nice. – phatskat Apr 13 '15 at 19:31
  • proxy or caching problem? – Colin Jul 12 '15 at 01:43
  • Try adding all the scopes available. My problem was solved after that. – hybrid Sep 01 '15 at 03:19

1 Answer

Finally figured out what was going on and heard back from Jawbone about it. It turns out that they have collisions on the backend if you use the same auth with two different clients.

For anyone else that runs into this problem, don't use the same login in two different contexts simultaneously as it will reset auths in weird ways.

In our case, we have test user accounts that are often shared between devs since it is sometimes hard to get real data unless you have the actual device. This was causing 'duplicate' logins that made Jawbone code freak out.

We got confirmation from a Jawbone dev who ran into the same problem when developing an internal app.

ckm
  • Thanks for replying to this very, very old topic. I have long-since stopped toying with the Jawbone API, but I'm glad there's some resolution. If I get back to it sometime, I'll remember this. – phatskat Oct 07 '15 at 20:13
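
An added example, not part of the original question or answer and not Jawbone's code: a client-side check that flags the two symptoms described above, the same access_token issued to different accounts and a refresh that returns the previous token. The function names, account labels and token strings are hypothetical, constructed for illustration.

```php
<?php
// Added example: hypothetical helper names; token strings below are constructed samples.

/** Keep only a SHA-256 fingerprint so raw bearer tokens never reach logs or the tracking arrays. */
function token_fingerprint(string $accessToken): string
{
    return hash('sha256', $accessToken);
}

/**
 * Record a token response for $account and return a list of anomalies.
 * $seen maps fingerprint => first account that received it; $last maps account => last fingerprint.
 */
function check_token_response(array &$seen, array &$last, string $account, array $response, bool $isRefresh = false): array
{
    if (empty($response['access_token']) || !is_string($response['access_token'])) {
        return ['token response has no access_token'];
    }
    $problems = [];
    $fp = token_fingerprint($response['access_token']);

    // Same bearer token handed to a different account: the collision seen in the question.
    if (isset($seen[$fp]) && $seen[$fp] !== $account) {
        $problems[] = "access_token for {$account} was already issued to {$seen[$fp]}";
    }
    // The refresh call succeeded but did not produce a new token.
    if ($isRefresh && isset($last[$account]) && hash_equals($last[$account], $fp)) {
        $problems[] = "refresh for {$account} returned the previous access_token";
    }
    $seen[$fp] ??= $account;   // remember the first recipient (PHP 7.4+)
    $last[$account] = $fp;
    return $problems;
}

// Constructed responses mirroring the question: initial grant, refresh, then a second account.
$seen = [];
$last = [];
$responses = [
    ['dev-a', ['access_token' => 'SAMPLE_TOKEN_1', 'token_type' => 'Bearer'], false],
    ['dev-a', ['access_token' => 'SAMPLE_TOKEN_1', 'token_type' => 'Bearer'], true],
    ['dev-b', ['access_token' => 'SAMPLE_TOKEN_1', 'token_type' => 'Bearer'], false],
];
foreach ($responses as [$account, $response, $isRefresh]) {
    foreach (check_token_response($seen, $last, $account, $response, $isRefresh) as $problem) {
        error_log("[oauth-check] {$problem}");
    }
}
```

With the sample data the second and third responses are each reported once; in an application the two arrays would live in persistent storage shared by every developer using the test accounts.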