07-30-2020 11:44 - edited 07-30-2020 12:25
07-30-2020 11:44 - edited 07-30-2020 12:25
Hey everybody!
I would like to use the new userRevokedAccess subscription, but am getting "insufficient permissions" even though the docs say this:
This is reproducible in the Fitbit Web API tester at https://dev.fitbit.com/build/reference/web-api/explore/#/Subscriptions/addSubscriptions if you choose a limited set of scope permissions when performing the OAuth authorization. For instance, try choosing "activity", "heartrate", and "profile".
Specifically, this POST:
curl -X POST "https://api.fitbit.com/1/user/-/userRevokedAccess/apiSubscriptions/320.json" -H "accept: application/json" -H "authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIyMjdHNUwiLCJzdWIiOiI4TkNSMksiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJzY29wZXMiOiJ3aHIgd3BybyB3YWN0IiwiZXhwIjoxNTk2MjIwMjIxLCJpYXQiOjE1OTYxMzM4MjF9.bUaq3LDrPDUj8s1HfM8OsaMJCmmp4u6asK5yKOJn1yQ" -d ""
Receives this 403 response:
{ "errors": [ { "errorType": "insufficient_scope", "message": "This application does not have permission to access nutrition, settings, sleep, weight data. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process." } ], "success": false }
Just wondering if there is a workaround or an imminent fix? (We don't want to ask the user for all permissions because the sign up rate will decrease.)
Answered! Go to the Best Answer.
08-07-2020 03:30
08-07-2020 03:30
We've identified the problem with the userRevokedAccess collection and pushed the fix to production. I've tested the fix to make certain it works. Would you please test your code to make certain it works for you and let me know if you have any problems?
Best,
Gordon
08-03-2020 14:33
08-03-2020 14:33
Thank you for reporting the problem. I'll investigate this for you.
Gordon
08-03-2020 15:07
08-03-2020 15:07
Just wanted to let you know that we have filed a ticket to engineering to fix the issue. I'll update this thread when the issue is fixed. The only workaround I have for you is the user needs to consent to all scopes for you to add the subscription for userRevokedAccess.
08-07-2020 03:30
08-07-2020 03:30
We've identified the problem with the userRevokedAccess collection and pushed the fix to production. I've tested the fix to make certain it works. Would you please test your code to make certain it works for you and let me know if you have any problems?
Best,
Gordon
08-07-2020 08:44
08-07-2020 08:44
Verified that the latest production code works! Thanks!