help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

All of our access token suddenly became invalid

‎04-22-2016 08:13

‎04-22-2016 08:13

Starting around 5PM Eastern yesterday evening, all of our users' refresh tokens began returning "Invalid refresh token" responses when attempting access token exchange. Prior to yesterday evening, nearly every user access token was being refreshed regularly and successfully except for a handful of users, a hundreth of a percent per day, which we chalked up to users deauthorizing our app. The refresh token values we have recorded look to be the same format we've been seeing since migrating to OAuth 2, 64 lower case hex characters. We haven't made any changes here since migrating our users to OAuth 2 a few weeks ago. Is anyone having issues that may not be reported on the Fitbit status page? Is anyone from Fitbit able to provide additional assistance or information that may be specific to our application account? Thank you.

 

Best Answer
Labels:
0 Votes
2 REPLIES 2

‎04-22-2016 10:22

‎04-22-2016 10:22

We've been digging into this and it seems that a large number of errors for a small number of users compounded filled up our job retry queues. Combined with our rate limit logic against the Fitbit API this caused what appeared to be an issue refreshing tokens for all users but actually just a handful. The job queue + rate limit itself is what caused the issue to appear to us originally as affecting all users. So I think our interaction with Fitbit is working fine.

Best Answer
0 Votes

‎04-22-2016 13:29

In response to mdaubs

‎04-22-2016 13:29

If you still need assistance, please contact us privately with your client id, user ids, timestamps, and logs of the refresh token you sent that was said to be invalid.

Best Answer
0 Votes