HealthLog version
1.25.12
Deployment type
Self-hosted (Docker)
What happened?
The documentation states:
HealthLog reads Fitbit and Pixel data through the Google Health API. The OAuth app is therefore a Google Cloud OAuth client — not a Fitbit developer-console app.
However, clicking "Connect with Google Health" redirects to the legacy Fitbit OAuth endpoint instead of Google's OAuth. This can be verified in the browser URL bar:
fitbit.com/oauth2/authorize?response_type=code
&client_id=.apps.googleusercontent.com
&redirect_uri=https:///api/fitbit/callback
&scope=activity+cardio_fitness+heartrate+oxygen_saturation+profile+respiratory_rate+sleep+weight
Two issues are visible here:
Wrong authorization endpoint: fitbit.com/oauth2/authorize instead of accounts.google.com/o/oauth2/v2/auth
Wrong scopes: Legacy Fitbit scopes (activity, heartrate, sleep, etc.) instead of Google Health API scopes (googleapis.com/auth/googlehealth.activity_and_fitness.readonly, etc.)
This results in:
unauthorized_client - Invalid client_id
...which is expected — Fitbit's legacy endpoint does not accept Google Cloud OAuth Client IDs.
Expected behavior
Browser redirects to accounts.google.com/o/oauth2/v2/auth with Google Health API scopes
Actual: Browser redirects to fitbit.com/oauth2/authorize with legacy Fitbit scopes → unauthorized_client
Steps to reproduce
Steps to reproduce
Enable the Google Health API in Google Cloud Console
Create an OAuth 2.0 Web Client with redirect URI https:///api/fitbit/callback
Configure OAuth consent screen with Google Health scopes and add a test user
Paste Client ID and Secret into HealthLog → Settings → Integrations → Google Health
Click "Connect with Google Health"
Relevant logs / screenshots
Browser / OS (if applicable)
Chrome / Firefox
Pre-flight checks
HealthLog version
1.25.12
Deployment type
Self-hosted (Docker)
What happened?
The documentation states:
HealthLog reads Fitbit and Pixel data through the Google Health API. The OAuth app is therefore a Google Cloud OAuth client — not a Fitbit developer-console app.
However, clicking "Connect with Google Health" redirects to the legacy Fitbit OAuth endpoint instead of Google's OAuth. This can be verified in the browser URL bar:
fitbit.com/oauth2/authorize?response_type=code
&client_id=.apps.googleusercontent.com
&redirect_uri=https:///api/fitbit/callback
&scope=activity+cardio_fitness+heartrate+oxygen_saturation+profile+respiratory_rate+sleep+weight
Two issues are visible here:
Wrong authorization endpoint: fitbit.com/oauth2/authorize instead of accounts.google.com/o/oauth2/v2/auth
Wrong scopes: Legacy Fitbit scopes (activity, heartrate, sleep, etc.) instead of Google Health API scopes (googleapis.com/auth/googlehealth.activity_and_fitness.readonly, etc.)
This results in:
unauthorized_client - Invalid client_id
...which is expected — Fitbit's legacy endpoint does not accept Google Cloud OAuth Client IDs.
Expected behavior
Browser redirects to accounts.google.com/o/oauth2/v2/auth with Google Health API scopes
Actual: Browser redirects to fitbit.com/oauth2/authorize with legacy Fitbit scopes → unauthorized_client
Steps to reproduce
Steps to reproduce
Enable the Google Health API in Google Cloud Console
Create an OAuth 2.0 Web Client with redirect URI https:///api/fitbit/callback
Configure OAuth consent screen with Google Health scopes and add a test user
Paste Client ID and Secret into HealthLog → Settings → Integrations → Google Health
Click "Connect with Google Health"
Relevant logs / screenshots
Browser / OS (if applicable)
Chrome / Firefox
Pre-flight checks