So I've found myself in a situation where a user has an active subscription for my application, but I no longer have a record in my database of this user or their OAuth tokens. My application is receiving this user's subscribed notifications from Fitbit, but my application doesn't know what to do with them. I also can't remove this subscription, because I need the user's OAuth tokens to do so.
How can I remove this subscription for this single user?
Fitbit Developers oversee the SDK and API forums. We're here to answer questions about Fitbit developer tools, assist with projects, and make sure your voice is heard by the development team.
That is indeed a predicament. Can you ask the person to revoke access to your app in their Fitbit settings at https://www.fitbit.com/user/profile/apps ?
If not, contact us privately with your client id and the user id.
I'm in a similar situation, but I have thousands of these users due to years of the application not removing subscriptions before revoking the user's connection to our app. Is this something we should contact you about?
Hi @JustinCoded
Is your application revoking the token or are the Fitbit users revoking access to your application? Would you please describe the steps taken to reproduce the scenario where you're still receiving notifications for revoked users? We can try to work with you on addressing this problem.
In our case, I think various issues caused the refresh token to be revoked from your end, or the users are revoking them from the Fitbit Settings Page, as far as I can tell. There may be cases as well where we got out of sync with the tokens due to distributed processing before we got our locks functioning 100%. Either way, we have notifications coming in that we cannot resolve, because we no longer have a valid refresh token to resolve them with.
The simplest solution to me is to have an API call that will allow us as a company, with our client id and secret, to unsubscribe users from our notification endpoint.
Would you please private message me several of the user ids where you have an invalid refresh token? I can do some investigation on our side.
We have a very similar situation. User accounts may have been removed from our system; however, their Fitbit access may not have been revoked.
So we continue to receive ping notifications on their behalf but have no way of discontinuing/revoking them because we no longer have their access or refresh tokens.
For example, just today we have received 253k pings with 71k coming from users no longer in our system.
Any suggestions? Thanks much!
Hi @caryland
To stop receiving webhook notifications, your application or the Fitbit user would need to revoke access with sharing data. When user accounts are removed from your system, does your application revoke access to their user's access token or refresh token?
Gordon
We do attempt to revoke access when a user leaves our system, but over the years we've amassed many that fell through the holes. We'd like to be able to clean these up.
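Added example, not part of the thread and not Fitbit's or any poster's code: a webhook-side triage that separates notifications for users still in the local database from orphaned ones and tallies the orphaned user and subscription ids, which is the list the moderators ask for above. It assumes the documented notification body (a JSON array whose entries carry `ownerId` and `subscriptionId`) and that the request was already authenticated; the function names and all sample ids are hypothetical.

```python
import json
from collections import Counter

# Constructed sample body; every id below is made up for illustration.
SAMPLE_BODY = json.dumps([
    {"collectionType": "activities", "date": "2024-01-05", "ownerId": "AAAAAA",
     "ownerType": "user", "subscriptionId": "sub-1"},
    {"collectionType": "sleep", "date": "2024-01-05", "ownerId": "ZZZZZZ",
     "ownerType": "user", "subscriptionId": "sub-9"},
    {"collectionType": "activities", "date": "2024-01-05", "ownerId": "ZZZZZZ",
     "ownerType": "user", "subscriptionId": "sub-9"},
    {"collectionType": "foods", "date": "2024-01-05"},  # malformed: no ownerId
])


def triage_notifications(body, known_user_ids, orphan_counts):
    """Return (actionable_entries, skipped) for one notification body.

    Entries whose ownerId is not in known_user_ids are tallied in
    orphan_counts, a Counter keyed by (ownerId, subscriptionId), instead of
    being processed. An unparseable body counts as one skipped item.
    """
    try:
        entries = json.loads(body)
    except (TypeError, ValueError):
        return [], 1
    if not isinstance(entries, list):
        return [], 1
    actionable, skipped = [], 0
    for entry in entries:
        owner = entry.get("ownerId") if isinstance(entry, dict) else None
        sub = entry.get("subscriptionId") if isinstance(entry, dict) else None
        if not isinstance(owner, str) or not isinstance(sub, str):
            skipped += 1          # never trust the shape of inbound data
        elif owner in known_user_ids:
            actionable.append(entry)
        else:
            orphan_counts[(owner, sub)] += 1
    return actionable, skipped


def orphan_report(orphan_counts):
    """Rows of (ownerId, subscriptionId, hits), noisiest first."""
    rows = [(o, s, n) for (o, s), n in orphan_counts.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))
```

Persisting the counter across requests gives a deduplicated list of orphaned ids rather than a raw ping count.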