Create a fitness competition using AWS Lambda and Fitbit – Part 1

Introduction

It’s no surprise that COVID-19 has had a big impact on our lives. Lockdowns don’t just affect us economically; they also take a toll on our physical and mental health.

Over the last few months, it has been quite challenging to keep to a training schedule. This was a sentiment that all my friends shared with me. As we found, training by yourself is easy to start; however, to keep at it you need motivation, which is lacking during such trying times.

To keep things interesting, and to provide a form of motivation, I decided to gamify our exercise routines. As we all own Fitbit devices, I decided to leverage that to create a fitness competition program.

The program has been running for a few weeks now, and it has lived up to our expectations. Each day, we try to beat each other by trying to get the most steps, be it using our indoor cardio exercise machines or just doing laps in our backyard. The gamification has turned a “chore” into something we look forward to each day.

In this two-part blog, I will showcase the fitness competition solution I created.

*Please note that the solution described in this blog requires all participants to consent to their Fitbit steps being accessed by a third party (the AWS Lambda function that will be used to run the competition).

High Level Architecture

Below is the high-level architecture diagram for the solution.

The steps (indicated by numbers in the diagram above) are described below:

  1. At 12:10 am AEST daily, an Amazon CloudWatch Events Rule triggers an AWS Lambda function.
  2. The AWS Lambda function checks for any competition statistics from previous runs (stored in an AWS S3 bucket). If found, these are read into memory. The AWS Lambda function then retrieves details about the players, along with their Fitbit website tokens from AWS SSM Parameter Store.
  3. The AWS Lambda function retrieves each player’s steps for yesterday from Fitbit. It then awards points to each player based on the steps and calculates their rank.
  4. A Slack notification is sent, displaying each player’s steps, points and rank.
  5. The competition statistics are stored in an AWS S3 bucket, to be used the next time when the AWS Lambda function runs.

As mentioned before, the players must give consent to have their Fitbit steps accessed by the AWS Lambda function. Access is via Fitbit tokens: please keep these safe, and if they are accidentally revealed, invalidate them from the Fitbit developer portal immediately.

In part 1 of this two-part blog series, I will take you through the Fitbit developer portal, to show how access can be given to a user’s steps. In part 2, we will go through the code for the solution.

Create a Fitbit Application

Each player must perform the following steps to generate a token that the AWS Lambda function will use to gain access to the player’s steps.

  1. Go to https://dev.fitbit.com/apps/new and log in using your Fitbit user credentials.
  2. On successful login, you will be presented with the Register an application page. Use the following information, as a guide, to register a new application. The tokens for this application will be used to gain access to the user’s Fitbit steps.
  3. Your application should now be registered. Take note of the following items that will be displayed on screen:
    • OAuth 2.0 Client ID
    • Client Secret.
  4. Locate the OAuth 2.0 tutorial page link at the bottom of the screen and click it. This will open in a new webpage.
  5. On the OAuth 2.0 tutorial page for 1: Authorize select the following:
    • Flow type: Authorization Code Flow
    • Leave Fitbit URL, Fitbit API URL, OAuth 2.0 Client ID, Client Secret, Redirect URI as is (these would have been populated based on your application values – you can spot check the OAuth Client ID and Client Secret by comparing them to what was displayed when you created your application)
    • Select Scopes: untick everything except activity and profile.
    • Expires in (ms): leave this as is (604800)
    • You will notice that an authorization URL has been automatically generated (below Expires in (ms) text box) based on the above choices.
    • Click on the authorization URL. It will open a Fitbit consent page, asking to allow the application access to your profile, activity and exercise information. Tick Allow All and then click Allow.
    • You should now be redirected to an error webpage that says This site can’t be reached. Ignore the error, instead copy the code from the URL. The code is everything after code= and before #

      For example, in the URL

      https://localhost/?code=123edbe4d53b6cd7820b9a1c230fed46ae5678d9f#_=_

      the code is the part between code= and #, that is 123edbe4d53b6cd7820b9a1c230fed46ae5678d9f

    • Return to the webpage showing the OAuth 2.0 tutorial page. Paste the code in the text box under 1A Get Code (in the Code text box).
    • A text box will be displayed underneath with a curl command. Take note of the secret that appears after -H 'Authorization: Basic. This is the base64 encoding of your application’s OAuth 2.0 Client ID and the Client Secret concatenated together.

      For example, in the below curl command, the secret is the string that follows Authorization: Basic on the second line:

      curl -i -X POST \
      -H 'Authorization: Basic NkPCQlpWPjA2L2KsVDI2U1K3PGLoKPJlNEBdWzaqPvssATRGbENx' \
      --data "clientId=123RT" \
      --data "grant_type=authorization_code" \
      --data "redirect_uri=https%3A%2F%2Flocalhost%2F" \
      --data "code=12edbe3d45b6cd7890b1a2c310f4d17ae123456fq" \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      https://api.fitbit.com/oauth2/token
    • Copy the whole curl command, paste it into a terminal screen and press Enter to execute it.
    • If all went well, at the bottom of the output of the command, you will see the Fitbit tokens. Copy the whole token, which looks like {"access_token": ….,"user_id":"123345"}.
  6. The player now has all the required information. They must provide the following information to you:
    • the secret from the curl command (the base64 encoding of your application’s OAuth 2.0 Client ID and the Client Secret concatenated together)
    • the tokens, which look like {"access_token": ….,"user_id":"123345"}
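
The two values handled by hand in step 5 can be checked in code. The following is an added example, not part of the original post: it pulls the authorization code out of the redirect URL and shows that the value after Authorization: Basic decodes straight back to the Client ID and Client Secret, so it needs the same protection as the Client Secret itself. The function names and the sample secret are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit, parse_qs


def code_from_redirect(url):
    """Return the authorization code from the localhost redirect URL."""
    parts = urlsplit(url)            # the trailing "#_=_" fragment is split off here
    query = parse_qs(parts.query)
    if "error" in query:             # OAuth 2.0 reports a refused request this way
        raise ValueError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def basic_credential(client_id, client_secret):
    """Build the value sent after 'Authorization: Basic' (HTTP Basic scheme)."""
    return base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def decode_basic(value):
    """Recover (client_id, client_secret): base64 is reversible, not a one-way hash."""
    raw = base64.b64decode(value, validate=True).decode()
    client_id, sep, client_secret = raw.partition(":")
    if not sep:
        raise ValueError("not a client_id:client_secret pair")
    return client_id, client_secret


if __name__ == "__main__":
    # URL taken from the example above; the client secret is a constructed sample.
    url = "https://localhost/?code=123edbe4d53b6cd7820b9a1c230fed46ae5678d9f#_=_"
    print(code_from_redirect(url))
    credential = basic_credential("123RT", "constructed-client-secret")
    print(decode_basic(credential))
```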

Create AWS SSM Parameter Store Parameters

Now that the players have generated their tokens, use them to create some AWS SSM Parameter Store parameters. These will be used by the AWS Lambda function to retrieve the individual player’s steps.

  1. Log in to your AWS Management Console and open the AWS Systems Manager portal.
  2. Create a new Parameter Store parameter as per the below specification:
    • Name: fitbit_challenge_players
      Type: StringList
      Value: a lowercase, comma-separated string containing the first name of all players. This will be used by the AWS Lambda function to locate AWS SSM Parameter Store parameters that correspond to all the players (created below).
      For example, if Peter, Wendy and Molly are the players, then the value for this parameter will be peter,wendy,molly
  3. Next, for each player, create the following Parameter Store parameters:
    • Name: fitbit_secret_{firstname}
      Type: SecureString
      Value: the secret from the curl command (the base64 encoding of the player’s application’s OAuth 2.0 Client ID and the Client Secret concatenated together)
      For example, for peter, the name of this parameter would be fitbit_secret_peter
    • Name: fitbit_token_{firstname}
      Type: SecureString
      Value: the tokens that were returned when the curl command was executed (this looks like {"access_token": ….,"user_id":"123345"})

    For example, for peter, the name of this parameter would be fitbit_token_peter
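
The same parameters can be created from a script instead of the console. This is an added example, not the code from part 2 of this series: it validates each player's name and token before anything is written, then calls put_parameter with the names and types listed above. It assumes boto3's SSM client; RecordingSSM, the function names, the name pattern and the use of Overwrite are choices made for this illustration.

```python
import json
import re

NAME_RE = re.compile(r"[a-z]+")  # assumption: first names are lowercase letters only


def player_parameters(first_name, basic_secret, token_json):
    """Build put_parameter arguments for one player, validating before storing."""
    if not NAME_RE.fullmatch(first_name):
        raise ValueError(f"player name must be lowercase letters: {first_name!r}")
    token = json.loads(token_json)  # raises ValueError on a truncated paste
    if not isinstance(token, dict) or not {"access_token", "user_id"} <= token.keys():
        raise ValueError("token JSON must be an object with access_token and user_id")
    return [
        {"Name": f"fitbit_secret_{first_name}", "Type": "SecureString", "Value": basic_secret},
        {"Name": f"fitbit_token_{first_name}", "Type": "SecureString", "Value": token_json},
    ]


def store_competition(ssm, players):
    """players maps first name -> (basic_secret, token_json); ssm is an SSM client."""
    params = []
    for name, (secret, token) in players.items():
        params += player_parameters(name, secret, token)
    params.append({"Name": "fitbit_challenge_players", "Type": "StringList",
                   "Value": ",".join(players)})
    for p in params:  # every player is validated before the first write
        ssm.put_parameter(Overwrite=True, **p)
    return [p["Name"] for p in params]


class RecordingSSM:
    """Constructed stand-in for boto3.client('ssm'): records calls, never contacts AWS."""
    def __init__(self):
        self.calls = []

    def put_parameter(self, **kwargs):
        self.calls.append(kwargs)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    sample = {"peter": ("Y29uc3RydWN0ZWQ6c2FtcGxl",
                        '{"access_token": "constructed", "user_id": "123345"}')}
    print(store_competition(RecordingSSM(), sample))
```

To write to a real account, pass boto3.client("ssm") in place of RecordingSSM().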

That was a lot of work; however, everything is now in place for the AWS Lambda function. This concludes part 1 of this two-part series.

In the second part, I will take you through the fitness competition code.

Till then, stay safe.
