help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

what's the deal with refresh tokens?

‎09-17-2022 08:20

‎09-17-2022 08:20

Refresh tokens are said to be good for a year, then in the very next sentence you say they can only be used once and need to be replaced.  Don't you think this is a little in-congruent. I've been struggling with oauth2 for several weeks and I don't think it's my fault. Worst Designed API I've ever tried to deal with.

And the documentation is terrible. I thought I made a break through when I discovered you had built a wizard to help us through the process, then I found that the code the wizard provided didn't work either.

Obviously I'm missing something.  If anyone knows of a site that can untangle this mess, please let me know where it is.

Best Answer
0 Votes
2 REPLIES 2

‎09-17-2022 13:35

‎09-17-2022 13:35

I stumbled on the answer.  I kept missing the radio button to select authorization work flow instead of the default, implicit. Once I got that implicit access token without a refresh token I would go back and try to run the right work flow.  The authorization work flow would not work then because I had a valid access token already.  I had to back up and remove all access tokens and then proceed again with the authorization work flow.  I don't remember ever seeing a warning about this so it might be worth mentioning in the documentation to save others the frustration of seeing the wizards curl fail with no explanation of why.

Best Answer
0 Votes

‎09-17-2022 13:38

In response to Kengiese

‎09-17-2022 13:38

I'm glad you found the answer.

In future, you may get more traction in this section of the forum.

Peter McLennan
Gondwana Software
Best Answer
0 Votes