From the Fitbit docs, here is the OAuth workflow overview:
Basically, you register an application to consume the Fitbit API, which would require you to pass consumer_key and request user data access. This would typically involve listing all the operations that the application needs to do.
The provider then opens a prompt to the user to enter credentials and approve authorization to perform the above listed actions.
Once the user signs in and authorizes, the provider gives an auth_token which the application needs to pass in every operation. The auth_token can be set to expire after a certain time, ensuring that the application does not get permanent access.
This way, your application does not need to store user credentials, and users are free to control access via the provider.
Edit 1
Ok, so in order to deal with OAuth providers, I have used the OmniAuth gem to a great extent and have had no issues so far.
There is an OmniAuth Fitbit strategy that should help you integrate Fitbit OAuth into your Rails application.
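As an added example (not from the answer above or from the omniauth-fitbit project), here is what the Rails side does once OmniAuth hands back the token the answer describes: keep only the token and its expiry, never the user's Fitbit credentials, and refuse to send a token past its expiry. It assumes the strategy exposes the usual OmniAuth auth hash with a 'credentials' section and that the token is sent as an OAuth 2 bearer token; the key names and the sample hash are constructed for illustration.

```ruby
# Added example, not the answer's or omniauth-fitbit's own code.
# Assumption: the OmniAuth Fitbit strategy fills request.env['omniauth.auth']
# with a 'credentials' section as below (constructed, not verified).
require 'time'

# Keep only what the app needs from the OmniAuth auth hash. The user's
# Fitbit password never reaches the app, so only the token is persisted.
def extract_fitbit_credentials(auth_hash)
  creds = auth_hash.fetch('credentials')
  {
    uid:           auth_hash.fetch('uid'),
    token:         creds.fetch('token'),
    # OAuth 1.0a strategies give a token secret, OAuth 2 a refresh token.
    secret:        creds['secret'],
    refresh_token: creds['refresh_token'],
    # expires_at is a Unix timestamp; nil means the provider set no expiry.
    expires_at:    creds['expires_at'] && Time.at(creds['expires_at']).utc
  }
end

# An expired (or about-to-expire) token must not be used: the expiry is
# what stops the app from holding permanent access.
def fitbit_token_usable?(creds, now: Time.now.utc, leeway: 60)
  return true if creds[:expires_at].nil?
  creds[:expires_at] - now > leeway
end

# Header for a Fitbit API call (assumes OAuth 2 bearer tokens); raises
# rather than sending a stale token so the user is sent back through OmniAuth.
def fitbit_auth_header(creds, now: Time.now.utc)
  unless fitbit_token_usable?(creds, now: now)
    raise ArgumentError, 'Fitbit token expired; re-run the OmniAuth flow'
  end
  { 'Authorization' => "Bearer #{creds[:token]}" }
end

# Constructed sample of the auth hash OmniAuth places in the Rack env
# after the user approves access on fitbit.com (all values made up).
SAMPLE_AUTH_HASH = {
  'provider'    => 'fitbit',
  'uid'         => 'ABC123',
  'credentials' => {
    'token'         => 'constructed-access-token',
    'refresh_token' => 'constructed-refresh-token',
    'expires_at'    => Time.utc(2030, 1, 1).to_i
  }
}

if __FILE__ == $PROGRAM_NAME
  puts fitbit_auth_header(extract_fitbit_credentials(SAMPLE_AUTH_HASH)).inspect
end
```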