
409 returned from token refresh operation

Hi, what would be possible reasons for the endpoint to return a 409 during a token refresh operation?

 

 POST https://api.fitbit.com/oauth2/token

UTC timestamps 
12/21/2019, 11:48:37.518 AM
12/11/2019, 8:04:57.069 AM
12/11/2019, 7:43:21.335 AM

 

thank you


Hi @nikosk,

 

Welcome to the forums!

 

Can you provide me with the error message you received for this error?

 

Hope to hear from you soon!


Hi

 

The error message is:

 {
 	"errors": [{
 		"errorType": "invalid_request",
 		"message": "Concurrent refresh token requests were made by the same client for the same user, and while one of these requests probably succeeded, this one did not due to an update conflict. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
 	}],
 	"success": false
 }

I understand what this says and it is exactly what is happening (more than 1 request going out at the same time), but on the other hand it contradicts the mechanism you have in place where within a 2 minute window the API should return a success response if the same refresh token is used.

 

thank you 


Hi @nikosk,

 

Thanks for providing me with the message. 

 

I did some tests on my end and I can confirm that sending duplicate refresh token requests within seconds of each other will (and should) return the same response, as per our documentation.

 

Can you check if you are requesting a different API call in between these refresh token requests? It is possible that you are seeing this error due to invalidating the old refresh token (RT1), then using the new refresh token (RT2) in the following call, then executing the refresh token request again for RT1 (which was already invalidated when it was used to obtain RT2), all within a few seconds of each other. This is documented in our Refresh Token Errors common solutions guide.

 

I can also check our logs on my end to see what is occurring when your application is making these calls. So I can do some additional investigation, can you please PM me the following information?

  • Your Client ID
  • Affected User ID
  • Refresh token (that you're seeing the 409 error with)
  • Timestamp of when you saw this error (please provide an example within the last 7 days; our logs can only go back 7 days). If you don't have a recent example, let me know when you see the error again and I'll check our logs.

Hope to hear from you soon.                            

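The 409 quoted in this thread is triggered by several refresh requests for the same user going out at once. One client-side way to avoid that is a per-user single-flight refresher, shown here as an added example that is not code from Fitbit or from the posters. `FakeTokenEndpoint`, `TokenStore`, `user-1` and the `RT1`/`AT1` values are constructed stand-ins so the block runs offline; the fake endpoint only imitates the conflict condition and is not a model of Fitbit's server.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor

class RefreshConflict(Exception):
    """Stands in for the HTTP 409 'update conflict' response quoted in the thread."""

class FakeTokenEndpoint:
    """Constructed stand-in: rotates the refresh token, rejects overlapping or stale calls."""
    def __init__(self):
        self.current, self.calls, self._busy = "RT1", 0, threading.Lock()

    def refresh(self, refresh_token):
        if not self._busy.acquire(blocking=False):
            raise RefreshConflict("concurrent refresh")
        try:
            self.calls += 1
            if refresh_token != self.current:
                raise RefreshConflict("refresh token already rotated")
            time.sleep(0.05)  # simulated network round trip
            self.current = f"RT{self.calls + 1}"
            return {"access_token": f"AT{self.calls + 1}", "refresh_token": self.current}
        finally:
            self._busy.release()

class TokenStore:
    """Single-flight refresher: at most one refresh in flight per user."""
    def __init__(self, endpoint, tokens):
        self._endpoint, self._tokens = endpoint, dict(tokens)
        self._locks, self._guard = {}, threading.Lock()

    def refresh(self, user_id, rejected_access_token):
        """Call when rejected_access_token has expired; returns a usable access token."""
        with self._guard:
            lock = self._locks.setdefault(user_id, threading.Lock())
        with lock:
            current = self._tokens[user_id]
            if current["access_token"] != rejected_access_token:
                return current["access_token"]  # another caller already rotated the pair
            self._tokens[user_id] = self._endpoint.refresh(current["refresh_token"])
            return self._tokens[user_id]["access_token"]

def run_demo(workers=8):
    endpoint = FakeTokenEndpoint()
    store = TokenStore(endpoint, {"user-1": {"access_token": "AT1", "refresh_token": "RT1"}})
    with ThreadPoolExecutor(workers) as pool:
        results = list(pool.map(lambda _: store.refresh("user-1", "AT1"), range(workers)))
    return endpoint.calls, sorted(set(results))
```

The in-process lock only covers one process; a client running several workers or hosts would need the same check-then-refresh step behind a shared lock or a transactional token store.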