03-02-2016 06:38
In OAuth2, I want to get an access_token and refresh_token.
For that reason, I use https://github.com/orcasgit/python-fitbit
I use gather_keys_oauth2.py with client_id and client_secret to get the token,
but it shows the error message 'invalid_request - Invalid redirect_uri parameter value'.
I set my Callback URL to http://127.0.0.1
What should I do to get the refresh access token?
Accepted Solutions
03-02-2016 10:30 - edited 03-02-2016 10:31
Hey ... I'm not familiar with that Python project (I'm using C#), but I had run into a problem during dev that may be similar. My problem was I was using redirect_uri in the query string but my redirect_uri was not an exact match to any string defined as a Callback URL in my application's settings.
Here's the paragraph in the doc that contained my solution:
"You must specify the full redirect URI in your application settings on dev.fitbit.com. An application may have multiple redirect URIs registered by putting one redirect URI per line in your application settings. Fitbit strongly recommends that you always specify the intended redirect URI as the redirect_uri when sending users to the authorization page. The redirect_uri must be an exact match one of the values specified in your application settings."
Here's the link to the anchor in the doc: Redirect URIs
Also, rather than using IP address 127.0.0.1, I used "localhost" ... I don't know if that makes a difference, I didn't test and I am now beyond that phase. My full Callback URI was "https://localhost:54867/authfitbit.ashx", and that worked fine.
Hope this helps.
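The exact-match rule quoted in this answer can be checked locally before sending a user to the authorization page. The following is an added example, not part of the original post or of python-fitbit; the function names, the authorization endpoint constant and the sample redirect_uri values are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Assumed Fitbit authorization endpoint; confirm against the current API docs.
AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize"


def diagnose_redirect_uri(requested, registered):
    """Return (ok, reasons); ok is True only on an exact string match."""
    if requested in registered:
        return True, []
    req, reasons = urlsplit(requested), []
    for candidate in registered:
        reg = urlsplit(candidate)
        diffs = [
            f"{name} {a!r} != {b!r}"
            for name, a, b in (
                ("scheme", req.scheme, reg.scheme),
                ("host", req.hostname, reg.hostname),
                ("port", req.port, reg.port),
                ("path", req.path, reg.path),
                ("query", req.query, reg.query),
            )
            if a != b
        ]
        # urlsplit lower-cases scheme and host, so a case-only mismatch lands here.
        reasons.append(f"{candidate}: " + ("; ".join(diffs) or "raw strings differ"))
    return False, reasons


def build_authorize_url(client_id, redirect_uri, registered, scope, state):
    """Build the consent-page URL, refusing a redirect_uri that is not registered."""
    ok, reasons = diagnose_redirect_uri(redirect_uri, registered)
    if not ok:
        raise ValueError("redirect_uri is not registered: " + " | ".join(reasons))
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}"


if __name__ == "__main__":
    # Constructed values: the Callback URL from the question, and a redirect_uri
    # with a port and trailing slash as a helper script might send it.
    registered = ["http://127.0.0.1"]
    print(diagnose_redirect_uri("http://127.0.0.1:8080/", registered))
    print(diagnose_redirect_uri("http://localhost", registered))
```

A port, a trailing slash or "localhost" in place of "127.0.0.1" each makes the string a different redirect URI, so each variant the app sends has to be registered on its own line.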
03-02-2016 10:38
jeaglemc wrote: Here's the paragraph in the doc that contained my solution:
"You must specify the full redirect URI in your application settings on dev.fitbit.com. An application may have multiple redirect URIs registered by putting one redirect URI per line in your application settings. Fitbit strongly recommends that you always specify the intended redirect URI as the redirect_uri when sending users to the authorization page. The redirect_uri must be an exact match one of the values specified in your application settings."
Here's the link to the anchor in the doc: Redirect URIs
Thanks for the help @jeaglemc, solid answer. Just want to emphasize this part:
"The redirect_uri must be an exact match one of the values specified in your application settings."
@catch_catch Check out @jeaglemc's post and see if that helps. 🙂
03-02-2016 22:50
Thanks a lot. I solved the problem.

04-26-2017 12:45 - edited 04-26-2017 12:51
I had the same problem, but when I changed the callback URL it is redirecting,
but I don't know what the tokens in it are.
How do I find out if it's a token?
Is it appended to the callback URL link?
If it is, what exactly is it?
This is the link that I got -
https://localhost:callback/code=17317d5d48eabd47580be7a285344ab473891ce5&state=tSyYeazevTzslQgeR2xqbWCHLEJ5Wf#_=_
Are the tokens hidden in the link?
Please help me, I am new to this.

04-26-2017 12:48 - edited 04-26-2017 12:51
Hey, can you please help me out to find the tokens for the Fitbit API?
https://localhost:54867/code=17317d5d48eabd47580be7a285344ab473891ce5&state=tSyYeazevTzslQgeR2xqbWCHLEJ5Wf#_=_
Is it in this link?

04-26-2017 22:03
You can follow the steps at this link.
https://dev.fitbit.com/apps/oauthinteractivetutorial?clientEncodedId=227XG2&clientSecret=9dab065966b...

04-27-2017 08:56
Hey namsini - It appears to me what you have there is the callback returned by Fitbit after your app's user navigated to the Fitbit authorization page (where your user enters their Fitbit ID and password) and authorized your application to access Fitbit and receive notifications from Fitbit. You have completed step Obtaining Consent.
Now you need to take name/value pairs "code" and "state", in the callback's query string, and complete step Access Token Request ... this will give you your first "access_token" and "refresh_token" that you can use to a) access the user's Fitbit account and set up subscriptions and pull data, and b) exchange the "refresh_token" for a new access token when your access token expires (see Refreshing Tokens).
Note: Using "code" and "state" to obtain your first "access_token" and "refresh_token" requires no interaction from the user, the user sees nothing, and our system does it in the background instantly after receiving the callback.
Good luck!
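The callback handling described in this answer, sketched as an added example that is not part of the original post or of any Fitbit library: it reads "code" and "state" from the callback's query string, checks "state" against the value the app sent, and builds the Access Token Request without sending it. The token endpoint constant, the function names and the sample callback are assumptions.

```python
import base64
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Assumed Fitbit token endpoint; confirm against the current API docs.
TOKEN_URL = "https://api.fitbit.com/oauth2/token"


def parse_callback(callback_url, expected_state):
    """Return the authorization code after checking the state value."""
    # urlsplit puts the trailing "#_=_" in the fragment, out of the query.
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    code, state = params.get("code", []), params.get("state", [])
    if len(code) != 1 or len(state) != 1:
        raise ValueError("expected exactly one code and one state parameter")
    # state must equal the value this app sent to the authorization page;
    # a mismatch means the callback does not belong to this login attempt.
    if not hmac.compare_digest(state[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch; discard this callback")
    return code[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Build (not send) the POST that swaps the code for the token pair."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # same value as in the authorization step
    }).encode()
    return Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
    })


if __name__ == "__main__":
    # Constructed callback; real values come from your own app and user.
    cb = "https://localhost:54867/authfitbit.ashx?code=EXAMPLECODE&state=EXAMPLESTATE#_=_"
    req = build_token_request(parse_callback(cb, "EXAMPLESTATE"), "CLIENT_ID",
                              "CLIENT_SECRET", "https://localhost:54867/authfitbit.ashx")
    print(req.get_method(), req.full_url, req.data.decode())
```

The code in the callback is a one-time authorization code, not a token; the access_token and refresh_token arrive in the response to this request, and the callback URL itself should be kept out of logs and forum posts.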
04-27-2017 22:51
Thank you!

