02-13-2019 19:47
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-13-2019 19:47
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
I develop an app that send workout data to Fitbit.
After entering login and password in Fitbit authorization page, the app keeps getting "invalid_request - invalid redirect_uri parameter value". We have double checked the redirect_uri and callback url to make sure they are matching. This app and mechanism has been working for years and suddenly it stops working 1-2 weeks ago.
What could be the reason of the error?
Thanks in advance.
Answered! Go to the Best Answer.
Accepted Solutions
03-11-2019 18:58
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

03-11-2019 18:58
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@Gordon-C, I can no longer see the error since last weekend. Look like the fix has been deployed. Thank you!

02-17-2019 09:31
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-17-2019 09:31
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @rwinata,
Would you please provide me with your authorization URL that contains the redirect_uri parameter?
Thanks!
Gordon
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-17-2019 19:42
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-17-2019 19:42
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-18-2019 04:37
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-18-2019 04:37
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
For clarification, are you getting the error message instead of the scope page being displayed, or does the error message occur when the user enables the scopes and presses the "Apply" button?
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-18-2019 08:49 - edited 02-18-2019 09:52
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-18-2019 08:49 - edited 02-18-2019 09:52
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
@Gordon-C, after filling username / password and login, the user gets the error message instead of scope / permission page.
02-21-2019 01:52
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-21-2019 01:52
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@Gordon-C, any idea about the above problem?

02-21-2019 13:46
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-21-2019 13:46
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
There could be a few things that are causing the error message
1. the redirect url in your authorize string needs to exactly match the URL in the dev.fitbit.com settings
2. in the authorization string you provided,
redirect_uri=https://www.lfconnect.com/lfservice/third_party_apps_auth/source=Web&target=Fitbit
it looks like you have an "&" in it. Since & are used to denote separation between the URL parameters, the & in your string could be thinking the redirect URL is shorter than it actually is. Can you change your redirect URL so it doesn't contain the &
3. Lastly, I see you have the parameter "state" but no value. I would recommend removing it.
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-22-2019 01:41
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-22-2019 01:41
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Thanks, @Gordon-C!
You are right about the "&" in redirect_uri. After login, the redirect_url is carried-forward unescaped.
We're using the redirect_uri with "&" for quite some time without any issue. Is it possible for Fitbit to support it again?

02-22-2019 08:18
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-22-2019 08:18
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @rwinata
We're looking into the reason why you no longer can include an & in the redirect_uri.
Gordon
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-22-2019 09:48
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-22-2019 09:48
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@rwinata How is this problem impacting your application? Are you able to use the workaround of not using an & in the redirect_uri parameter?
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-22-2019 12:14
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-22-2019 12:14
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@rwinata One other question for you, when the application executes the /oauth2/authorize endpoint and the user is not logged in, the user should be prompted to log into their fitbit.com account. Would you please send me a screen shot of the login page and the URL? Once they log in, does the user get the error?
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-24-2019 18:25
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-24-2019 18:25
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
> How is this problem impacting your application? Are you able to use the workaround of not using an & in the redirect_uri parameter?
Currently, our users can't enable the Fitbit sync in our app. We investigated and tested passing the URL without ampersand and it's confirmed to be the cause. There's no simple workaround at this moment because we need to redesign the URL to use not more than 1 parameter.

02-25-2019 05:12
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-25-2019 05:12
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
- Who Voted for this post?
02-26-2019 13:55
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



02-26-2019 13:55
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @rwinata
We have isolated a problem when using parameters in the callback URL and we are working on a fix. I'll try to find out when the fix will be available in production.
Gordon
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

02-27-2019 05:28
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

02-27-2019 05:28
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Glad to hear that, @Gordon-C. Thank you!

03-05-2019 08:01
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

03-05-2019 08:01
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
We are seeing the same issue regarding the error message but have no special chars in the redirect URI at all. Our app was working fine a few days ago and now it is failing. We are able to login via the OAuth screen but are presented with the invalid redirect URI before we get redirected to your authorize screen. This seems to only be an issue with our mobile applications at this time. Our web version is not having this issue.
Our Redirect URI is: https://www.<host>.com/service-auth
Is this a known issue?
Thanks!

03-05-2019 10:32
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



03-05-2019 10:32
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @angelir
Would you please post your entire /oauth2/authorize URL?
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

03-05-2019 11:48
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

03-05-2019 11:48
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @Gordon-C ,
Here is the url with the client and host removed. The client is our fitbit clientId. Again, this has not changed on our end for quiet some time.
I appreciate your attention to this!
Thanks,
Rob

03-05-2019 15:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



03-05-2019 15:49
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Hi @angelir
I'm not able to reproduce the error message with your authorization URL. Is the redirect URL specified in your authorization URL, the same as what is defined in dev.fitbit.com? They need to match.
Gordon
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

03-06-2019 20:00
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

03-06-2019 20:00
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@Gordon-C, do you have ETA for the fix?

