[codex] Fix Fitbit live redirect URI

[elkimek]

Summary

• send the exact Fitbit dev-console redirect URI for the live app: https://app.getbased.health
• remove unregistered hosted variants https://app.getbased.health/ and https://app.getbased.health/app from the Fitbit registry
• keep localhost, getbased.health/app, and beta redirect entries aligned with the configured Fitbit account
• bump version.js to invalidate the cached adapter registry

Validation

• node tests/test-wearables.js
• git diff --check
• confirmed https://app.getbased.health returns the app shell for the callback target

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
get-based	Ready	Preview, Comment	Jun 2, 2026 5:40am

[greptile-apps]

Greptile Summary

This PR fixes the Fitbit OAuth redirect URI in the adapter registry to match the exact value registered in the Fitbit dev console (https://app.getbased.health), removing two previously unregistered variants (/app and trailing-slash forms) that would have caused OAuth authorization failures on the live host.

• js/wearable-adapters.js: Replaces https://app.getbased.health/app, https://app.getbased.health/, and https://beta.getbased.health/app with https://app.getbased.health, keeping the remaining entries (localhost, getbased.health/app, beta.getbased.health/) aligned with the registered Fitbit application.
• tests/test-wearables.js: Updates the three Fitbit redirect assertions to verify the new exact URI, confirm pickRedirectUri returns the bare origin for the live host, and assert the removed variants are absent.
• version.js: Bumps APP_VERSION from 1.8.343 to 1.8.344 to bust the service worker cache and force clients to pick up the updated adapter registry.

Confidence Score: 5/5

Safe to merge — all three changed files make targeted, well-tested corrections with no logic regressions.

The adapter registry change precisely replaces the previously incorrect URIs with the exact Fitbit-registered value. The pickRedirectUri function's byOrigin fallback correctly returns https://app.getbased.health for any path under that origin, and the updated test suite verifies the new URI is present, the picker returns it, and the removed variants are absent. The version bump follows the project's documented cache-busting pattern.

No files require special attention.

Important Files Changed

Filename	Overview
js/wearable-adapters.js	Replaces three unregistered Fitbit redirect URIs with the exact dev-console value; remaining entries are unchanged and correctly aligned.
tests/test-wearables.js	Replaces two stale assertions and adds a third negative assertion; all three now correctly verify the new URI list and pickRedirectUri behavior for the live host.
version.js	Patch version bump from 1.8.343 to 1.8.344 to invalidate the service worker cache and force clients to load the updated adapter registry.

Sequence Diagram

sequenceDiagram
    participant App as App (app.getbased.health)
    participant pickRedirectUri as pickRedirectUri()
    participant FitbitAuth as Fitbit Auth Server

    App->>pickRedirectUri: registeredUris, window.location
    Note over pickRedirectUri: origin = "https://app.getbased.health"<br/>hrefBase = origin + pathname ("/app")
    pickRedirectUri-->>pickRedirectUri: exact match ("https://app.getbased.health/app")? no (removed)
    pickRedirectUri-->>pickRedirectUri: "byOrigin: uri.startsWith(origin)?<br/>"https://app.getbased.health" ✓"
    pickRedirectUri->>App: returns "https://app.getbased.health"

    App->>FitbitAuth: "/oauth2/authorize?redirect_uri=https://app.getbased.health&..."
    FitbitAuth-->>App: "302 → https://app.getbased.health?code=xxx&state=yyy"
    App->>App: completeOAuthCallback(urlParams)

Loading

_{Reviews (1): Last reviewed commit: "Fix Fitbit live redirect URI" | Re-trigger Greptile}