
Authorization Code Grant fitbit sample code

I am having an issue with the Authorization Code Grant option.

 

Here is what I am doing

 

1. https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=[CLIENTID]&redirect_uri=[URL]&s...

 

My callback returns a querystring parameter code=xxxxxxxxxxx

 

I set var code=xxxxxxxxxxx

 

xhttp.open("POST", "https://api.fitbit.com/oauth2/token?grant_type=refresh_token&refresh_token=" + code + ":" + "65483fe9d4747672afd2f9f2112008ac", false);

 

var auth = window.btoa("ClientID:Clientsecret");

xhttp.setRequestHeader("Authorization", "Basic " + auth);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.setRequestHeader("Accept", "*/*");
xhttp.send();

 

It returns a 400 error

 

{"errors":[{"errorType":"invalid_grant", "message":"Authorization code invalid or expired: [code]."}],"success":false}

 

Help!!!!

 

 

Best Answer
0 Votes
1 REPLY 1

Two things here.

 

1. The app first calls on https://www.fitbit.com/oauth2/authorize?  (as you have done in your step 1).

    and gets back an authorization code.

    The app POSTs the authorization code and asks for an access token and refresh token.

        (You are not doing this.)

    The app gets back an access token and a refresh token.

    The app POSTs a request for Fitbit data using the access token.

    Later, when the old access token expires after 1 hour, the app asks for a renewed access token using the refresh token.

        (You appear to be doing something like this without asking for the access token and refresh token first.)

 

2. Not sure about the line 

 

var auth = window.btoa("ClientID:Clientsecret");

 

Seems that the quotes might be mucking up there, thus:

 

var auth = window.btoa("2244WGA" + ":" + "abmpq13589dda84920");

where ClientID =  2244WGA

and ClientSecret = abmpq13589dda84920

 

Hope this helps.

Regards,

Tony Barry

[edited for typos, clarity]

Best Answer
0 Votes
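
The sequence the reply outlines, as an added example that is not part of the original thread: the authorization code is exchanged once with grant_type=authorization_code, and the refresh_token grant is only used afterwards with the refresh token that exchange returned. It is written for Node.js on the server side so the client secret stays out of browser code; the function names, redirect URI and credentials are constructed placeholders, and the parameter names are the standard OAuth 2.0 (RFC 6749) ones.

```javascript
// Added example, not from the thread; all credentials passed in are constructed placeholders.
const TOKEN_URL = "https://api.fitbit.com/oauth2/token"; // endpoint quoted in the question

// Pull the one-time authorization code out of the redirect the app received.
function codeFromCallback(callbackUrl) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get("error")) throw new Error("authorization failed: " + q.get("error"));
  const code = q.get("code");
  if (!code) throw new Error("callback carried no code parameter");
  return code;
}

// Both token calls share the endpoint, the Basic header and the form-encoded body;
// only the grant parameters differ.
function tokenRequest(params, clientId, clientSecret) {
  const basic = Buffer.from(clientId + ":" + clientSecret, "utf8").toString("base64");
  return {
    method: "POST",
    url: TOKEN_URL,
    headers: {
      Authorization: "Basic " + basic,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams(params).toString(), // form body, matching the Content-Type
  };
}

// Step 2 of the reply: trade the authorization code for an access and refresh token.
function exchangeCode(code, redirectUri, clientId, clientSecret) {
  return tokenRequest(
    { grant_type: "authorization_code", code, redirect_uri: redirectUri, client_id: clientId },
    clientId, clientSecret);
}

// Later step: renew an expired access token with the refresh token from step 2.
function refreshTokens(refreshToken, clientId, clientSecret) {
  return tokenRequest(
    { grant_type: "refresh_token", refresh_token: refreshToken },
    clientId, clientSecret);
}

// Send a prepared request (Node 18+ global fetch) and return the parsed JSON reply.
async function send(req) {
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  const json = await res.json();
  if (!res.ok) throw new Error("token endpoint returned " + res.status + ": " + JSON.stringify(json));
  return json;
}
```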