Oauth authentification to Fitbit using httr

Question

I'm trying to connect to the fitbit api using the httr library.

Using the examples provided, I came up with the following code:

library(httr)

key <- '<edited>'
secret <- '<edited>'
tokenURL <- 'http://api.fitbit.com/oauth/request_token'
accessTokenURL <- 'http://api.fitbit.com/oauth/access_token'
authorizeURL <- 'https://www.fitbit.com/oauth/authorize'

fbr <- oauth_app('fitbitR',key,secret)
fitbit <- oauth_endpoint(tokenURL,authorizeURL,accessTokenURL)

token <- oauth1.0_token(fitbit,fbr)
sig <- sign_oauth1.0(fbr,
    token=token$oauth_token,
    token_secret=token$oauth_token_secret
)

I get the Authentication complete. message from httr, but trying to access the api then throws an error message

GET("http://api.fitbit.com/1/user/-/activities/date/2012-08-29.json", sig)
Response [http://api.fitbit.com/1/user/-/activities/date/2012-08-29.json]
  Status: 401
  Content-type: application/x-www-form-urlencoded;charset=UTF-8
{"errors":[{"errorType":"oauth","fieldName":"oauth_access_token","message":"Invalid signature or token '<edited>' or token '<edited>'"}]} 

Any clue about what the problem might be?

Answer 1

The problem comes from the httr library, that uses curlEscape for encoding paramaters while the OAuth 1.0 specifications requires percent encoding (see this page).

Replacing calls to curlEscape with curlPercentEncode solves the issue!

many thanks to @mark-s for his help.

Answer 2

The only thing I notice is that your call to get the signature is slightly different than the httr examples. The httr examples are:

sig <- sign_oauth1.0(myapp, token$oauth_token, token$oauth_token_secret)

While your code is:

sig <- sign_oauth1.0(fbr,
    token=token$oauth_token,
    token_secret=token$oauth_token_secret
)

Do you need the "token=" and "token_secret=" in your code?