Solved: 400 error when upgrading users to OAuth 2.0

JeremiahFitbit · ‎02-08-2016

Hello,

I'm trying to upgrade my application's integration from OAuth 1.0a to OAuth 2.0. Specifically, I'm trying to upgrade a certain user who has already registered with OAuth 1.0a to OAuth 2.0. From the instructions, I understand that I should use the refresh_token request with the old OAuth 1.0a token and token secret. But, when I try to do that, I get this error:

""errors":[{"errorType":"invalid_grant","message":"Refresh token invalid:"

This post is similar https://community.fitbit.com/t5/Web-API/Migrate-Oauth1-to-Outh2/td-p/1117575, and I've tried everything from that post, but I'm still getting this error. I am piping requests through Runscope. Here is my HTTP request:

HEADERS

Accept: */*

Authorization: Basic MjI3Rks3Om9iZnVzY2F0ZWQ=

Connection: close

Content-Length: 106

Content-Type: application/x-www-form-urlencoded

Host: api.fitbit.com

User-Agent: NING/1.0

PARAMETERS

grant_type: refresh_token

refresh_token: f______________________b:2______________________3

BODY

grant_type=refresh_token&refresh_token=fxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb%3A2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx3

Moderator edit: You posted your client secret. I removed it. However, you should reset your client secret in your app settings at dev.fitbit.com.

karkum · ‎02-08-2016

NVM Turns out I had the wrong app ids in my application. Sorry for the trouble!

Just to confirm, is the Oauth1 to 2 upgrade token feature still planning to be deprecated on April 12? (I see this comment from 10/16/2015: https://community.fitbit.com/t5/Web-API/Migrating-oauth1-users-to-auth2-fails-after-getting-16-new-t... but I just wanted to confirm).

Are there any special rate limits on this specific endpoint (outside of the 150 per day per user limit)? We were considering running a one-time script to update all users to oauth 2.0. Do you think that is acceptable or is updating users on an as-needed basis mor acceptable? Thanks!

View best answer in original post

JeremiahFitbit · ‎02-08-2016

Are you sending post URL parameters and body parameters? You should only send body parameters.

karkum · ‎02-08-2016

Thanks for the quick reply! No, I am sending only body parameters.

I thought perhaps that the user I was trying this with had an invalid token, so I tried another user and I'm getting the same error as above.

karkum · ‎02-08-2016

NVM Turns out I had the wrong app ids in my application. Sorry for the trouble!

Just to confirm, is the Oauth1 to 2 upgrade token feature still planning to be deprecated on April 12? (I see this comment from 10/16/2015: https://community.fitbit.com/t5/Web-API/Migrating-oauth1-users-to-auth2-fails-after-getting-16-new-t... but I just wanted to confirm).

Are there any special rate limits on this specific endpoint (outside of the 150 per day per user limit)? We were considering running a one-time script to update all users to oauth 2.0. Do you think that is acceptable or is updating users on an as-needed basis mor acceptable? Thanks!

JeremiahFitbit · ‎02-08-2016

Yes, OAuth 1.0a is still scheduled to be turned off on April 12, 2016.

You should be able to upgrade all of your users at once. This endpoint is not rate limited for this purpose.

messi · ‎02-15-2016

Hi, I am also getting the same error for older user(registered 3-4 months back).

{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: [access_token]"}],"success":false}

while i am trying this for newly registered user. migration is working fine.

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

400 error when upgrading users to OAuth 2.0

karkum

karkum

JeremiahFitbit

karkum

karkum

JeremiahFitbit

messi