01-14-2016 10:08
01-14-2016 10:08
So I've found myself in a situation where a user has an active subscription for my application, but I no longer have a record in my database of this user or their OAuth tokens. My application is receiving this user's subscribed notifications from Fitbit, but my application doesn't know what to do with it. I also can't remove this subscription, because I need the user's OAuth tokens to do so.
How can I remove this subscription for this single user?
01-14-2016 17:30 - edited 01-14-2016 17:31
01-14-2016 17:30 - edited 01-14-2016 17:31
That is indeed a predicament. Can you ask the person to revoke access to your app in their Fitbit settings at https://www.fitbit.com/user/profile/apps ?
If not, contact us privately with your client id and the user id.
01-06-2019 19:29
01-06-2019 19:29
I'm in a similar situation, but I have thousands of these users due to years of the application, not removing subscriptions before revoking the users connection to our app. Is this something we should contact you about?
01-07-2019 09:49
01-07-2019 09:49
Hi @JustinCoded
Is your application revoking the token or are the Fitbit users revoking access to your application? Would you please describe the steps taken to reproduce the scenario where you're still receiving notifications for revoked users? We can try to work with you on addressing this problem.
02-07-2019 04:26
02-07-2019 04:26
In our case, I think various issues caused the refresh token to be revoked from your end, or the users are revoking them from the Fitbit Settings Page as far as I can tell. There may be cases as well were we got out of sync with the tokens due to distributed processing before we got our locks functioning 100% either way we have notifications coming in that we cannot resolve, because we no longer have a valid refresh token to resolve them with.
The simplest solution to me is to have an API call that will allow us as a company, with our client id and secret to unsubscribe users from our notification endpoint.
02-11-2019 13:43
02-11-2019 13:43
Would you please private message me several of the user ids where you have an invalid refresh token? I can do some investigation on our side.
08-12-2019 18:40
08-12-2019 18:40
We have a very similar situation. User accounts may have been removed from our system; however, their Fitbit access may not have been revoked.
So we continue to receive ping notifications on their behalf but no way of discontinuing/revoking them because we no longer have their access or refresh tokens.
For example, just today we have received 253k pings with 71k coming from users not longer in our system.
Any suggestions? Thanks much!
08-13-2019 11:52
08-13-2019 11:52
Hi @caryland
To stop receiving webhook notifications, your application or the Fitbit user would need to revoke access with sharing data. When user accounts are removed from your system, does your application revoke access to their user's access token or refresh token?
Gordon
08-20-2019 15:20
08-20-2019 15:20
We do attempt to revoke access when a user leaves our system, but over the years we've amassed many that fell through the holes. We'd like to be able to clean these up.