
Fitbit user revoke access, connection still possible.

Hi,

I have the following use case:

1) User logs in and grants access to fitness activities in our App. (We set no expires_in param, so it would get the default value of 864002, so one day.)

2) We save the access token, then every time we check for new activities we perform a request with a fresh token (if needed) via AuthState.performActionWithFreshTokens()

3) User revokes the permission for our app: https://www.fitbit.com/settings/data/access

4) User can still load activities (also there is no error), even though the account access should be denied.

Now my question is: should the effect of taking back an app permission on the Fitbit website be immediate? Or do we need to wait for access_token expiration (1 day) to see the effect (permission denied)?

0 Votes
7 REPLIES

I haven't looked at this in a few years, but back then it always took many hours for the access token to be invalidated.

0 Votes

OK, so even if we revoke access on the Fitbit website, it won't affect communication as long as the access token is still valid?

0 Votes

Well, I didn't say that either... I wouldn't count on it.

We just delete the access token on our end instead of trying to explain to our users how to revoke the access from fitbit.com and then trying to explain why it doesn't actually revoke immediately and no we don't really know when it will happen, sometime in the next half day or so...

0 Votes
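
An added illustration of the approach in the reply above (not code from any poster or from Fitbit): on disconnect the app asks the provider to revoke and then always purges its stored tokens, so it stops calling the API no matter when the provider stops honouring them, and it treats a 401 as a revoked grant. The `http` callable, the `store` mapping, the class names and the revoke URL are assumptions of this example.

```python
import base64
import urllib.parse

# Assumption: Fitbit's OAuth 2.0 token revocation endpoint (RFC 7009 style).
REVOKE_URL = "https://api.fitbit.com/oauth2/revoke"


class RevokedError(Exception):
    """Raised when the app no longer holds a usable grant for the user."""


class FitbitConnection:
    # `http` is a hypothetical injected callable:
    #   http(method, url, headers, body) -> (status_code, response_text)
    def __init__(self, http, client_id, client_secret, store):
        self.http = http
        self.basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self.store = store  # dict-like persistent storage for this user's tokens

    def disconnect(self):
        """User-initiated unlink: revoke upstream, then always purge locally."""
        token = self.store.get("refresh_token") or self.store.get("access_token")
        try:
            if token:
                self.http("POST", REVOKE_URL,
                          {"Authorization": f"Basic {self.basic}",
                           "Content-Type": "application/x-www-form-urlencoded"},
                          urllib.parse.urlencode({"token": token}))
        finally:
            # Local deletion does not depend on the revoke call succeeding
            # or on how fast the provider stops honouring the token.
            self.store.clear()

    def get(self, url):
        """Authorized GET; a 401 is treated as 'grant revoked' and purges tokens."""
        token = self.store.get("access_token")
        if not token:
            raise RevokedError("no stored grant; user must re-authorize")
        status, text = self.http("GET", url, {"Authorization": f"Bearer {token}"}, None)
        if status == 401:
            self.store.clear()
            raise RevokedError("token rejected by API; user must re-authorize")
        return status, text
```
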

Hi @in_sider @orujon,

Fitbit users have the ability to stop sharing their data with an application by revoking access (or consent) to that application through their Fitbit account settings. When the user revokes access to an application, the user's access tokens and refresh token become invalid immediately, regardless of the expiration set on the access token. Once a user revokes access, even though the token still has another "X" hours to expire, all connection to that user is removed and you'll no longer be able to access their data.

I hope this clears things up. Let me know if you have any additional questions.

0 Votes

So I have revoked access to the Fitbit website. But I can still make requests, without a problem.

As far as I understand the problem, it shouldn't be possible. Even if I use AuthState.performActionWithFreshTokens()

2020-10-15 10:49:05.339 28835-28966/app D/FITBIT: --> GET https://api.fitbit.com/1/user/-/activities/list.json?afterDate=2020-10-05&limit=20&offset=0&sort=asc
2020-10-15 10:49:05.340 28835-28966/app D/FITBIT: Authorization: Bearer xxxxxxxxxxxxx
2020-10-15 10:49:05.340 28835-28966/app D/FITBIT: --> END GET
2020-10-15 10:49:05.672 28835-28966/app D/FITBIT: <-- 200 https://api.fitbit.com/1/user/-/activities/list.json?afterDate=2020-10-05&limit=20&offset=0&sort=asc (331ms)
2020-10-15 10:49:05.672 28835-28966/app D/FITBIT: date: Thu, 15 Oct 2020 08:49:04 GMT
2020-10-15 10:49:05.672 28835-28966/app D/FITBIT: content-type: application/json;charset=UTF-8
2020-10-15 10:49:05.673 28835-28966/app D/FITBIT: vary: Origin,Accept-Encoding
2020-10-15 10:49:05.673 28835-28966/app D/FITBIT: cache-control: no-cache, private
2020-10-15 10:49:05.673 28835-28966/app D/FITBIT: content-language: en
2020-10-15 10:49:05.673 28835-28966/app D/FITBIT: fitbit-rate-limit-limit: 150
2020-10-15 10:49:05.674 28835-28966/app D/FITBIT: fitbit-rate-limit-remaining: 131
2020-10-15 10:49:05.674 28835-28966/app D/FITBIT: fitbit-rate-limit-reset: 656
2020-10-15 10:49:05.674 28835-28966/app D/FITBIT: x-frame-options: SAMEORIGIN
2020-10-15 10:49:05.674 28835-28966/app D/FITBIT: via: 1.1 google
2020-10-15 10:49:05.675 28835-28966/app D/FITBIT: cf-cache-status: DYNAMIC
2020-10-15 10:49:05.675 28835-28966/app D/FITBIT: cf-request-id: 05cd0be0920000ffbc02827000000001
2020-10-15 10:49:05.675 28835-28966/app D/FITBIT: expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
2020-10-15 10:49:05.675 28835-28966/app D/FITBIT: server: cloudflare
2020-10-15 10:49:05.675 28835-28966/app D/FITBIT: cf-ray: 5e2848e0ea39ffbc-WAW
2020-10-15 10:49:05.682 28835-28966/app D/FITBIT: {"activities":[{"activeDuration":29400000,"activityLevel":[{"minutes":0,"name":"sedentary"},{"minutes":490,"name":"lightly"},{"minutes":0,"name":"fairly"},{"minutes":0,"name":"very"}],"activityName":"Walk","activityTypeId":90013,"calories":1177,"distance":0.06651,"distanceUnit":"Kilometer","duration":29400000,"elevationGain":0,"hasActiveZoneMinutes":false,"lastModified":"2020-10-12T09:09:22.000Z","logId":34848275857,"logType":"manual","manualValuesSpecified":{"calories":false,"distance":false,"steps":true},"originalDuration":29400000,"originalStartTime":"2020-10-11T08:00:00.000+02:00","pace":442038.7911592242,"speed":0.008144081632653061,"startTime":"2020-10-11T08:00:00.000+02:00","steps":90},{"activeDuration":40080000,"activityLevel":[{"minutes":0,"name":"sedentary"},{"minutes":668,"name":"lightly"},{"minutes":0,"name":"fairly"},{"minutes":0,"name":"very"}],"activityName":"Walk","activityTypeId":90013,"calories":294,"distance":0.07714,"distanceUnit":"Kilometer","duration":40080000,"elevationGain":0,"hasActiveZoneMinutes":false,"lastModified":"2020-10-12T09:10:19.000Z","logId":34851150011,"logType":"manual","manualValuesSpecified":{"calories":false,"distance":false,"steps":true},"originalDuration":40080000,"originalStartTime":"2020-10-12T11:00:00.000+02:00","pace":519574.7990666321,"speed":0.00692874251497006,"startTime":"2020-10-12T11:00:00.000+02:00","steps":90},{"activeDuration":300000,"activityLevel":[{"minutes":0,"name":"sedentary"},{"minutes":5,"name":"lightly"},{"minutes":0,"name":"fairly"},{"minutes":0,"name":"very"}],"activityName":"Walk","activityTypeId":90013,"calories":10,"distance":0.01108,"distanceUnit":"Kilometer","duration":300000,"elevationGain":0,"hasActiveZoneMinutes":false,"lastModified":"2020-10-12T11:02:38.000Z","logId":34950189047,"logType":"manual","manualValuesSpecified":{"calories":false,"distance":false,"steps":true},"originalDuration":300000,"originalStartTime":"2020-10-12T12:58:00.000+02:
00","pace":27075.812274368232,"speed":0.13296,"startTime":"2020-10-12T12:58:00.000+02:00","steps":15}],"pagination":{"afterDate":"2020-10-05","limit":20,"next":"","offset":0,"previous":"","sort":"asc"}}
2020-10-15 10:49:05.682 28835-28966/app D/FITBIT: <-- END HTTP (2152-byte body)

0 Votes

@in_sider Could you PM me your Client ID and your access token so I can investigate and see what may be occurring?

0 Votes

I sent the required data via PM yesterday.

0 Votes