diff --git a/js/wearable-adapters.js b/js/wearable-adapters.js index 3ef43956..31cb29d2 100644 --- a/js/wearable-adapters.js +++ b/js/wearable-adapters.js @@ -306,12 +306,10 @@ export const ADAPTERS = [ // character-for-character. clientId: '23VBN8', redirectUris: [ - 'https://app.getbased.health/app', - 'https://app.getbased.health/', + 'https://app.getbased.health', + 'http://localhost:8000/app', 'https://getbased.health/app', 'https://beta.getbased.health/', - 'https://beta.getbased.health/app', - 'http://localhost:8000/app', ], scopes: ['profile', 'activity', 'heartrate', 'sleep', 'oxygen_saturation', 'respiratory_rate', 'temperature', 'weight'], pkce: true, diff --git a/tests/test-wearables.js b/tests/test-wearables.js index 06c2700a..53a974dd 100644 --- a/tests/test-wearables.js +++ b/tests/test-wearables.js @@ -1009,10 +1009,13 @@ assert('Fitbit scopes include temperature + weight (for skin Δ + scale readings assert('Fitbit adapter scope list matches DEFAULT_FITBIT_SCOPES (no drift)', JSON.stringify([...fitbitReg.oauth.scopes].sort()) === JSON.stringify([...fitbitAuth.DEFAULT_FITBIT_SCOPES].sort())); -assert('Fitbit hosted /app route is registered before origin fallback', - fitbitReg.oauth.redirectUris.includes('https://app.getbased.health/app')); -assert('Fitbit redirect picker keeps hosted /app instead of falling back to origin root', - fitbitAuth.pickRedirectUri(fitbitReg.oauth.redirectUris, { origin: 'https://app.getbased.health', pathname: '/app' }) === 'https://app.getbased.health/app'); +assert('Fitbit hosted redirect matches dev-console value exactly', + fitbitReg.oauth.redirectUris.includes('https://app.getbased.health')); +assert('Fitbit redirect picker uses exact registered live-host URI without adding slash or /app', + fitbitAuth.pickRedirectUri(fitbitReg.oauth.redirectUris, { origin: 'https://app.getbased.health', pathname: '/app' }) === 'https://app.getbased.health'); +assert('Fitbit redirect registry does not include unregistered hosted /app or slash variants', + !fitbitReg.oauth.redirectUris.includes('https://app.getbased.health/app') && + !fitbitReg.oauth.redirectUris.includes('https://app.getbased.health/')); const fbUrl = await fitbitAuth.buildAuthorizeUrl({ clientId: 'fb-test-client', redirectUri: 'http://localhost:8000/app', diff --git a/version.js b/version.js index f60b43a7..71d5ad92 100644 --- a/version.js +++ b/version.js @@ -2,4 +2,4 @@ // Classic script (not ES module) so it works in both browser and service worker. // Browser: