01-07-2020 03:18 - edited 01-07-2020 03:49
01-07-2020 03:18 - edited 01-07-2020 03:49
Hi, what would be possible reasons for the endpoint to return a 409 during a token refresh operation
POST https://api.fitbit.com/oauth2/token
UTC timestamps
12/21/2019, 11:48:37.518 AM
12/11/2019, 8:04:57.069 AM
12/11/2019, 7:43:21.335 AM
thank you
01-08-2020 11:18
01-08-2020 11:18
Hi @nikosk,
Welcome to the forums!
Can you provide me with the error message you received for this error?
Hope to hear from you soon!
01-09-2020 02:55
01-09-2020 02:55
Hi
the error message is
{
"errors": [{
"errorType": "invalid_request",
"message": "Concurrent refresh token requests were made by the same client for the same user, and while one of these requests probably succeeded, this one did not due to an update conflict. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
}],
"success": false
}
i understand what this says and it is exactly what is happening (more than 1 requests going out at the same time), but on the other hand it contradicts the mechanicsm you have in place where within a 2 minute window the API should return a success response if the same refresh token is used.
thank you
01-13-2020 17:51
01-13-2020 17:51
Hi @nikosk,
Thanks for providing me with the message.
I did some tests on my end and I can confirm that sending duplicate refresh token requests within seconds of each other will (and should) return the same response, as per our documentation.
Can you check if you are requesting a different API call in between these refresh token requests? It is possible that you are seeing this error due to invalidating the old refresh token (RT1), then using the new refresh token (RT2) in the following call, then executing the refresh token request again for RT1 (which was already invalidated when it was used to obtain RT2), all within a few seconds of each other. This is documented in our Refresh Token Errors common solutions guide.
I can also check our logs on my end to see what is occurring when your application is making these calls. So I can do some additional investigation, can you please PM me the following information?
Hope to hear from you soon.