help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

403 Forbidden when user go through the OAuth2.0

ANSWERED

‎09-08-2024 20:40

‎09-08-2024 20:40

Hi everyone,

Our team is running a project to get users' Fitbit data. The user needs to consent the Fitbit and go through the OAuth to give us the token. Recently, one of our users came across a 403 Forbidden error when she opened the authentication URL. However, there is only one case, other users can consent. I can't reproduce this problem. Does anyone get this problem and have any solution to it? 

I saw a post that tried to remove the extension, however, I don't have it.

Thank you so much!


 

Best Answer
Labels:
1 BEST ANSWER

Accepted Solutions

‎09-11-2024 11:23

‎09-11-2024 11:23

Hi @yuhang 

I've seen a few reasons why the 403 error occurs.  Would you be able to share your complete authorization URL?   I'll need to see the values you've entered, so please don't redact anything.

Thanks!

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

View best answer in original post

Best Answer
0 Votes
5 REPLIES 5

‎09-11-2024 11:23

‎09-11-2024 11:23

Hi @yuhang 

I've seen a few reasons why the 403 error occurs.  Would you be able to share your complete authorization URL?   I'll need to see the values you've entered, so please don't redact anything.

Thanks!

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎09-13-2024 07:23

In response to Gordon-C

‎09-13-2024 07:23

Hi Gordon,

My complete authorizaiton URL is 

Best Answer
0 Votes

‎01-10-2025 07:24 - edited ‎01-10-2025 07:32

In response to Gordon-C

‎01-10-2025 07:24 - edited ‎01-10-2025 07:32

Hi, Gordon. We have the same issue in our app.
There is one reported issue when a person gets 403 using the authorization URL, but we have 900+ successfully connected people who haven't had any issues.
It appeared only recently. The last time we tried was on 6th Jan 2025. Our team couldn't reproduce the issue.

Below is our authorization URL (clientId masked):
https://www.fitbit.com/oauth2/authorize?client_id=XXXXX&redirect_uri=https%3A%2F%2Fasthma-prod-gcp-u...

Thanks!

Huma team.

Best Answer
0 Votes

‎01-13-2025 10:17 - edited ‎01-13-2025 10:21

In response to yuhang

‎01-13-2025 10:17 - edited ‎01-13-2025 10:21

Hi @yuhang 

When I click on your URL, the error return states

Developer information: invalid_request - The code_challenge parameter length must be between 43 and 128.

Your code challenge value is outside of that size range.  Once you fix it, the problem should be resolved.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎01-13-2025 10:23

In response to HumaStuff

‎01-13-2025 10:23

Hi @HumaStuff 

When I click on the URL, the state query parameter is missing the = sign and value.   Would you please post the entire URL?

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes