I'm building a mashup app for Android Wear, using speech recognition so I can post to Fitbit's API. Single-purpose and pretty simple. I generated the OAuth 1.0 credentials with the excellent Temboo library and granted access in a desktop browser, then naively hard-coded those keys and tokens into my app and let Temboo take care of the HTTP requests and API calls to Fitbit.
I've gotten errors from Fitbit stating that my requests are being refused by Temboo's server because of invalid OAuth signature (Fitbit uses OAuth 1.0). I've come to the realization that I probably need to have the user grant access on the wearable app itself. I'll need to launch the mobile browser and pass it the authorization URL from Temboo in a WebView, then have the user grant access, and then pass this approved data back to the watch.
Is there a pattern for doing this in order to allow access to third-party web service APIs already? I've not seen documentation on it so far. Does anyone have a tip on how the authorization process would flow for a wearable watch app?