2

I am working on a mobile app I am trying to integrate with Fitbit. In the documentation, I noticed that Fitbit OAuth 2.0 requires a browser window be opened for the authentication process or else an app would be banned from Fitbit. After reviewing several packages on npm for handling OAuth 2.0, I found react-native-app-auth.

Does react-native-app-auth function in a way that makes sure this Fitbit rule is not violated? This is somewhat confusing for me in that this is a mobile app. I would really like to use this plugin but want to make sure my app is not banned from Fitbit.

halfer
  • 19,824
  • 17
  • 99
  • 186
user1790300
  • 2,143
  • 10
  • 54
  • 123

1 Answers1

1

Pretty much the de facto standard for mobile logins these days is to plug in the Google AppAuth libraries, which handle logins via InApp browsers. These windows are external to the actual mobile app, and are recommended from both a security and usability viewpoint:

React Native has a bridge to integrate these libraries, but this is not trivial unfortunately.

While I don't know FitBit, it has become quite common for logins on a web view to be banned, and I'm pretty sure that using AppAuth based libraries would get you past this blocker.

Gary

PS. Rather than writing any code, a good next step might be to point the actual AppAuth samples at FitBit, to check that logins work OK. I have some posts that might help with this:

If I'm not mistaken you'll just need to download the samples, then configure 3 fields to point to FitBit:

  • Authority
  • Client Id
  • Redirect URI

My write ups are in terms of Okta, but logins should work for any open standards based provider.

Gary Archer
  • 22,534
  • 2
  • 12
  • 24