Authorize URL should not be under api.fitbit.com

[ElMassimo]

According to the Fitbit documentation, in order for the users to authorize the client application, users should be redirected to:
https://www.fitbit.com/oauth/authorize?oauth_token=[&locale=][&display=touch][&requestCredentials=true]

With the current configuration, it seems like users are being redirected to https://api.fitbit.com/oauth/authorize.

According to fitbit support, there are two reasons to use the non-api URL:

1. When you send people to api.fitbit.com, they are always required to sign in to authorize your app. When your app uses the correct URL, people do not have to sign in if they are already signed in on the device.
2. While Fitbit has supported authorization on api.fitbit.com, soon it will begin redirecting these requests to www.fitbit.com, which will increase the page load time for your users.

[ghost]

Hello, I'm the API lead at Fitbit. I can confirm that the OAuth 1.0a authorization URL should use www.fitbit.com. I know many developers have used Fitgem and this change would be valuable to them for the reasons above.

[whazzmaster]

Apologies- work has been hectic lately. I'll get PR #39 merged and see if I can cut a new gem version tonight.

[whazzmaster]

One question @jeremiahlee; so all API requests continue to hit api.fitbit.com and it's just the OAuth authorize call that needs to go to www.fitbit.com?

Damn my laziness- the docs said it plainly: authorize only hits www.fitbit.com. Ok.

[whazzmaster]

Closed by #39