help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authorization can make refresh token invalid.

‎08-04-2016 15:05

‎08-04-2016 15:05

I'm getting an invalid refresh token when I try to migrate a user.

 

{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: 0ac571b96816d64b3d54c138936bcd9f:855fd0c5bcc48b596ba1625d712c0826. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

 

 

anything obvious here?

Best Answer
Labels:
0 Votes
5 REPLIES 5

‎08-04-2016 16:56

‎08-04-2016 16:56

Can you make a successful OAuth 1.0a request with that OAuth 1.0a access token and access token secret? I suspect the person might have revoked access to your application.

Best Answer
0 Votes

‎08-04-2016 19:51

‎08-04-2016 19:51

I wasn't aware the could still make requests with auth 1.. I'll give it a try
Best Answer
0 Votes

‎08-04-2016 20:19

In response to lbalding

‎08-04-2016 20:19

{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: 762c68849ade1bef10c91005fc6752a1:ffb42561e91d48ccc88bc88f3639d5e4. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

 

I tried a more current user.  The previous one was from a while ago but this one is recent.  Do I have to use the clientid from the application they are currently tied to?

Best Answer
0 Votes

‎08-04-2016 20:27

In response to lbalding

‎08-04-2016 20:27

I figured it out.  I appears that you have to use the same application that the user was registered under.  This is going to be challenging for use as all of our oAuth v1 participants use different URLs to log in and only one application in the fitbit.com admin.  oAuth v2 requires that the redirect_uri match the passed in redirect_uri..  Any suggestions?

Best Answer
0 Votes

‎08-05-2016 14:14

In response to lbalding

‎08-05-2016 14:14

Correct—the upgrade flow is for the application the person authorized. If a person has authorized App A, App B can't use access tokens belonging to App A.

 

You can specify multiple redirect URIs in the https://dev.fitbit.com/apps settings. Put one redirect URI per line.

Best Answer
0 Votes