01-05-2017 06:31 - edited 01-05-2017 06:32
Hello,
We've observed some unexpected results after having wired up retrieval of user apiSubscriptions to our Fitbit web app. The unexpected behaviour is as follows:
1) Have a user opt-out of certain scopes when linking to our Fitbit web app via OAuth (e.g. foods or sleep)
2) Our web app queries https://api.fitbit.com/1/user/-/apiSubscriptions.json for said user
3) This call results in: {"errors":[{"errorType":"insufficient_scope","message":"This application does not have permission to access weight data. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
We would have expected that this call will still succeed, returning either an empty list of notification subscriptions (as the call does for users who have in fact not subscribed to any of our notification endpoints) or a list of the notification subscriptions to which the user has subscribed (if they have granted permission to the related scopes). The 403 / insufficient_scope error seems unexpected in this case. Is this the intended behaviour?
Thanks!
-Stefan
01-05-2017 09:58
@StefanS Currently, that's expected behavior. The call you're making is to view all subscriptions, which will result in a 403 if not all scopes are granted. This has been brought up before in a similar thread.
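An added example, not part of the thread and not Fitbit's code: a client-side check that keeps the 403 `insufficient_scope` response quoted in the question distinct from "user has no subscriptions", so that partial consent is never recorded as an empty subscription list or answered with a token refresh. The function name, the state labels, the success-body key `apiSubscriptions` and all sample bodies except the 403 one are assumptions.

```python
import json

def interpret_subscription_list(status, body):
    """Classify a response from the all-subscriptions endpoint.

    Returns (state, detail):
      ("ok", [subscriptions])      call succeeded; the list may be empty
      ("partial_consent", [msgs])  403 insufficient_scope: a scope was withheld
      ("error", [msgs])            anything else; caller decides on retry/re-auth
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return ("error", ["unparseable body, HTTP %s" % status])
    if not isinstance(doc, dict):
        return ("error", ["unexpected body shape, HTTP %s" % status])
    if status == 200:
        # Assumption: a success body carries the list under "apiSubscriptions".
        return ("ok", doc.get("apiSubscriptions", []))
    errors = [e for e in (doc.get("errors") or []) if isinstance(e, dict)]
    types = {e.get("errorType") for e in errors}
    msgs = [e.get("message", "") for e in errors]
    # Only a 403 whose errors are all insufficient_scope means "scope withheld".
    # Refreshing the token cannot fix it, and it says nothing about whether
    # subscriptions exist, so it must not be stored as an empty list.
    if status == 403 and types == {"insufficient_scope"}:
        return ("partial_consent", msgs)
    return ("error", msgs or ["HTTP %s" % status])

# Error body as quoted in the question (message shortened).
SAMPLE_403 = ('{"errors":[{"errorType":"insufficient_scope","message":'
              '"This application does not have permission to access weight data."}],'
              '"success":false}')
# Constructed samples for the other branches.
SAMPLE_EMPTY = '{"apiSubscriptions":[]}'
SAMPLE_401 = ('{"errors":[{"errorType":"expired_token","message":'
              '"Access token expired"}],"success":false}')

if __name__ == "__main__":
    for status, body in [(403, SAMPLE_403), (200, SAMPLE_EMPTY),
                         (401, SAMPLE_401), (502, "<html>bad gateway</html>")]:
        print(status, interpret_subscription_list(status, body))
```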
01-05-2017 15:52
Understood - thanks!