OAuth: Missing parameter response_type


You are missing some request parameters in both the authorize and token requests. Change the auth URL as:

String url = OAUTH_URL + "?response_type=code" + "&client_id=" + CLIENT_ID + "&redirect_uri=" + CALLBACK_URL + "&scope=" + SCOPE;

where SCOPE is a comma-separated permissions string like 'public,birthday,email'.

And, change token request params as:

String query = "grant_type=authorization_code" + "&client_id=" + CLIENT_ID + "&client_secret=" + CLIENT_SECRET + "&code=" + accessCode + "&redirect_uri=" + CALLBACK_URL;

For more details, refer to the Misfit API reference.
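The concatenations above send values such as redirect_uri unencoded, and the question's callback handling matches "code=" anywhere in the URL. The following is an added example in plain Java, not code from the answer or from Misfit, that percent-encodes both requests and parses the redirect; the client ID, secret and redirect URLs in it are constructed placeholders.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class OAuthParams {
    // OAUTH_URL and CALLBACK_URL are from the question; the credentials are placeholders.
    static final String OAUTH_URL = "https://api.misfitwearables.com/auth/dialog/authorize";
    static final String CLIENT_ID = "example-client-id";
    static final String CLIENT_SECRET = "example-secret";
    static final String CALLBACK_URL = "http://localhost";

    // Join name/value pairs into a query string, percent-encoding each part
    // (the Charset overloads of URLEncoder/URLDecoder need Java 10 or later).
    static String encode(String... kv) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i + 1 < kv.length; i += 2) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(kv[i], StandardCharsets.UTF_8)).append('=')
              .append(URLEncoder.encode(kv[i + 1], StandardCharsets.UTF_8));
        }
        return sb.toString();
    }

    // Parse the redirect instead of testing contains("code="): require the callback's
    // scheme and host, treat an error response as failure, return the decoded code or null.
    static String extractCode(String redirectedUrl) {
        URI u = URI.create(redirectedUrl), cb = URI.create(CALLBACK_URL);
        if (!cb.getScheme().equals(u.getScheme()) || !cb.getHost().equals(u.getHost())) return null;
        String code = null;
        for (String pair : (u.getRawQuery() == null ? "" : u.getRawQuery()).split("&")) {
            int i = pair.indexOf('=');
            if (i <= 0) continue;
            String name = URLDecoder.decode(pair.substring(0, i), StandardCharsets.UTF_8);
            if (name.equals("error")) return null;
            if (name.equals("code")) code = URLDecoder.decode(pair.substring(i + 1), StandardCharsets.UTF_8);
        }
        return code;
    }
    public static void main(String[] args) {
        System.out.println(OAUTH_URL + "?" + encode("response_type", "code", "client_id", CLIENT_ID,
                "redirect_uri", CALLBACK_URL, "scope", "public,birthday,email"));
        String code = extractCode("http://localhost/?code=abc123"); // constructed redirect
        System.out.println(encode("grant_type", "authorization_code", "client_id", CLIENT_ID,
                "client_secret", CLIENT_SECRET, "code", code, "redirect_uri", CALLBACK_URL));
        System.out.println(extractCode("http://localhost/?error=access_denied")); // constructed error redirect
        System.out.println(extractCode("https://example.com/?q=code=abc123"));   // constructed unrelated page
    }
}
```

In the question's WebViewClient, `extractCode` would take the URL passed to the callback, and the second `encode` result is the body for the token-exchange POST.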

Author: FuriousFry

Updated on June 04, 2022

Comments

  • FuriousFry
    FuriousFry almost 2 years

    I am building a mobile Android app that connects to Misfit's API to collect data and do some scientific research. (https://build.misfit.com/) Misfit's API uses an OAuth authorization method that proves to be a bit difficult.

    I got as far as pressing a button that opens a WebView to the Authorization page of Misfit, where I can then log in. After I'm logged in, the WebView produces the following error:

    {"error":"invalid_request","error_description":"Missing required parameter: response_type"}
    

    My code for issuing that request is as follows. The idea is to POST for the token and GET the access code, and store them both in the SharedPreferences so that not every app start requires a new log-in.

    public class OAuthActivity extends Activity {
    
    public static String OAUTH_URL = "https://api.misfitwearables.com/auth/dialog/authorize";
    public static String OAUTH_ACCESS_TOKEN_URL = "https://api.misfitwearables.com/auth/tokens/exchange";
    
    public static String CLIENT_ID = "Here's a client ID";
    public static String CLIENT_SECRET = "and the secret, that obviously stays hidden.";
    public static String CALLBACK_URL = "http://localhost";
    
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_auth_o);
    
        String url = OAUTH_URL + "?client_id=" + CLIENT_ID;
    
        WebView webview = (WebView)findViewById(R.id.webview);
        webview.getSettings().setJavaScriptEnabled(true);
        final SharedPreferences prefs = this.getSharedPreferences(
                "com.iss_fitness.myapplication", Context.MODE_PRIVATE);
        webview.setWebViewClient(new WebViewClient() {
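            // The parameter is named url so the checks below inspect the page being loaded,
            // not the initial authorize URL built in onCreate.
            public void onPageStarted(WebView view, String url, Bitmap favicon) {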
                String accessTokenFragment = "access_token=";
                String accessCodeFragment = "code=";
    
                // We hijack the GET request to extract the OAuth parameters
    
                if (url.contains(accessTokenFragment)) {
                    // the GET request contains directly the token
                    String accessToken = url.substring(url.indexOf(accessTokenFragment));
                    // apply() is required; without it the edit is never written
                    prefs.edit().putString("Token", accessToken).apply();
    
                } else if(url.contains(accessCodeFragment)) {
                    // the GET request contains an authorization code
                    String accessCode = url.substring(url.indexOf(accessCodeFragment));
                    // apply() is required; without it the edit is never written
                    prefs.edit().putString("Code", accessCode).apply();
    
    
                    String query = "&client_id=" + CLIENT_ID + "&client_secret=" + CLIENT_SECRET + "&code=" + accessCode;
                    view.postUrl(OAUTH_ACCESS_TOKEN_URL, query.getBytes());
                }
    
            }
    
    
    
        });
        webview.loadUrl(url);
    
    
    }
    }
    

    Note: I found this code online and it was one of the codes that I, as a new app developer, could most easily understand. Still, there is no explanation whatsoever given. If the above code proves to be wrong (or my understanding of it), please correct me. Also: how can I get the OAuth activity to redirect me to the main activity after logging in?