Authorization code invalid invalid_grant?

I am trying to get a token from the authentication code. Before that, I was getting an authentication code without a code challenge like this:

response_type=code
client_id={MyID}
redirect_uri={URL}
scope=activity heartrate location nutrition

It was getting data fine but I was not getting a token. I was trying through this:

 

EndPoint: https://api.fitbit.com/oauth2/token

client_id={MyID}
grant_type=authorization_code
redirect_uri={Url}
code={code}

 

From this I was getting the error:

"errors": [
        {
            "errorType": "invalid_grant",
            "message": "Authorization code invalid: 8287806ad170abd7b0c9ca84488ec39850ca16b5 Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
        }
    ],
    "success": false

 I found code_verifier was missing so I added code verifier:

 
client_id={MYID}
response_type=code
code_challenge=zIUs1yxs5W6WLjj7Y0FUtIrXT22DPCjiiunqAXnDny0
code_challenge_method=S256
scope=S256
redirect_uri={URL}

Getting the code

requesting the token:

client_id{MYID}
grant_type=authorization_code
redirect_uri={Url}
code=8287806ad170abd7b0c9ca84488ec39850ca16b5
code_verifier=PJEyCj-W-sOf8RHPac8EdBnuyYRYCX1ZFSWB8saYtTw

Still the same error.

Best Answer
0 Votes
1 REPLY 1

Hi @xitas,

 

Welcome to the forums!

 

I don't quite understand how you're formatting your request. Could you please share your full PKCE authorization URL that you provide to your Fitbit users (make sure to hide the Client ID) with me through PM?

 

Also, please share your complete HTTPS cURL request with me so I can ensure that you're formatting it correctly. It should look like the example in our documentation:

 

curl -X POST "https://api.fitbit.com/oauth2/token" \
-H "accept: application/json" \
-H "authorization: Basic <basic_token>" \
-d "client_id=<client_id>&grant_type=authorization_code&code=<authorization_code>\
&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback\
&code_verifier=<code_verifier_value>"

 

 Let me know if you have any additional questions.

Best Answer
0 Votes
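A local consistency check for the two requests discussed in this thread, as an added example that is not part of the original posts or of Fitbit's documentation. It derives the S256 challenge as RFC 7636 defines it and compares the authorization and token parameters; the function names, the placeholder client ID, redirect URI and code are assumptions, and the sample verifier/challenge pair is the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import re

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(ASCII(code_verifier))) with '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_preflight(auth_params: dict, token_params: dict) -> list:
    """Compare both requests offline and return a list of problems found."""
    problems = []
    verifier = token_params.get("code_verifier", "")
    if not VERIFIER_RE.fullmatch(verifier):
        problems.append("code_verifier missing or not 43-128 unreserved characters")
    elif auth_params.get("code_challenge_method") != "S256":
        problems.append("code_challenge_method is not S256")
    elif s256_challenge(verifier) != auth_params.get("code_challenge"):
        problems.append("code_challenge does not match SHA-256 of code_verifier")
    # RFC 6749 section 4.1.3: redirect_uri must be identical in both requests.
    if auth_params.get("redirect_uri") != token_params.get("redirect_uri"):
        problems.append("redirect_uri differs between authorization and token requests")
    if auth_params.get("client_id") != token_params.get("client_id"):
        problems.append("client_id differs between authorization and token requests")
    if token_params.get("grant_type") != "authorization_code":
        problems.append("grant_type must be authorization_code")
    if not token_params.get("code"):
        problems.append("authorization code missing")
    return problems


# Constructed sample requests (placeholders, not values from the thread).
AUTH = {"client_id": "EXAMPLE_ID", "response_type": "code",
        "code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
        "code_challenge_method": "S256",
        "redirect_uri": "https://example.com/callback"}
TOKEN = {"client_id": "EXAMPLE_ID", "grant_type": "authorization_code",
         "redirect_uri": "https://example.com/callback",
         "code": "CONSTRUCTED_CODE",
         "code_verifier": "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"}

if __name__ == "__main__":
    print(pkce_preflight(AUTH, TOKEN) or "requests are consistent")
```

An authorization code is issued against one specific code_challenge, so a code obtained from an earlier authorization request cannot be redeemed with a verifier generated afterwards; the check above only covers what can be verified without contacting the server.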