force login/revoke access/programmatic access? about python-fitbit HOT 7 OPEN

@alextruong Thank you for your interest! Unfortunately, most of the OAuth2 authorization is not part of this library. We assume authorization has already been granted. If you use Django, you can try our https://github.com/orcasgit/django-fitbit library, which includes that authorization piece. Alternatively, there is some example authorization code using a CherryPy server in the python-fitbit repo in gather_keys_oauth2.py

from python-fitbit.

Thanks for the quick response! Currently, the code we have is importing the gather_keys_oauth2.py script and executing some of those functions to authorize, and that's where I was looking to make edits. However it looks like all of the stuff that deals with modifying the authorization URL is hidden inside a third-party library? Is that correct?

We haven't considered using Django, since we're only trying to craft a data-gathering tool. There should be minimum interactivity (run it once, download as much data as is required). Currently, it needs to be run for one user at a time, with a session clearing in between to manually dump token credentials; since the API gives more elegant ways to handle this (prompt and revoke access), I was wondering if that would be a thing that could happen.

Alternatively, I notice that the your api.py code makes use of python-requests; would it be possible to manually handle cookie dumping via that library? Which structures would I need to access from your class?

from python-fitbit.

Sorry @alextruong cookie dumping is beyond my knowledge. You're right that we use a third party library for the authorization: requests-oauthlib, which is itself a wrapper around oauthlib. Looking at that library, I don't see anything about a prompt parameter there though, so I'm not sure how we could go about adding it. Pull requests are always welcome 😄

from python-fitbit.

@brad The prompt parameter is less a feature of the library, and more a feature of the Fitbit API, actually; it's part of the URL construction to be sent with the request. Here's the section I'm referring to: https://dev.fitbit.com/docs/oauth2/#authorization-page

You'll notice that prompt is a feature of the authorization protocol a dev can implement. I just have no idea how to do so...

I'd totally submit a PR if I knew how to approach this, heh. :)

from python-fitbit.

So a super hacky way I was able to get around this was to hijack the URL in the OAuth2Server object of the gather_keys_oauth2.py script. Initialize the object:
server = OAuth2.OAuth2Server(client_id, consumer_secret)
Then just pull out the URL directly:
auth_url = server.oauth.authorize_token_url(redirect_uri = server.redirect_uri)[0]
Then you can mangle the URL with whatever parameters (such as prompt) you'd like and then validate afterwards with the modified URL.

I'm still verifying the integrity of the data accessible by this method as opposed to executing browser_authorize(), as it appears that intraday time series disappears (or maybe there's something wrong on our side), but that's a different story entirely. :)

from python-fitbit.

I've been trying to figure out how to automate text entry into both user and pass text fields with Selenium web driver, however, there doesn't appear to be a way to interact with the current browser session without first opening either a new browser or tab. Any suggestion?

from python-fitbit.

I've since added this feature to the gather_keys_oAuth2.py. Since I am new to Github, I'll simply attach the updated .py file here (see lines 41-53, 61). Note, you can't hit the Fitbit API very often (freq unknown) without getting temporarily blocked. Thanks!

gather_keys_oauth2.py.zip

from python-fitbit.