06-24-2022 03:34
Hi, I'm working on FitBit API integration via Implicit grant flow and trying to increase token lifetime to one year but it always returns the same value near `604800` whenever I pass on `expires_in` parameter.
Here is link example `https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=******&redirect_uri=*******&sc...`
And response example `*******#access_token=*******&user_id=******&scope=activity&token_type=Bearer&expires_in=602529`
Accepted Solutions
06-24-2022 06:08 - edited 06-24-2022 06:09
Actually I think I've found out why:
You need to revoke access in your fitbit profile and re-request with the new value. Otherwise it's giving you the original token with the original expiry time.
This worked for me:
social+heartrate&token_type=Bearer&expires_in=31536000

06-24-2022 04:17
Is this before requesting the bearer token? Why does it say token_type=Bearer?

06-24-2022 05:11
@simon238 wrote: Is this before requesting the bearer token? Why does it say token_type=Bearer?
Not sure that I understand you correctly, I'm following this guide https://dev.fitbit.com/apps/oauthinteractivetutorial and response is the same as in step 2

06-24-2022 05:33 - edited 06-24-2022 05:37
Ah ok, that is probably the maximum length of time allowed by the fitbit API. Typically you would just use the refresh_token to request a new bearer token when that one has expired. This wouldn't require revalidation by the user. You need to keep track of the expiration time and the refresh_token. This is done for security reasons; using the refresh token requires the client secret, whereas the bearer token does not.
604800 s — or 7 days — is actually a really long time for a bearer token to be valid for, typically default values are 1 hour.

06-24-2022 05:43
But documentation says `The user may specify a lifetime for the access token up to one year.`
Via implicit grant flow I'm obtaining only access token, without refresh, so when it expires user should pass authorization again.

06-24-2022 05:57
Ah sorry, you're right. I've not used that implementation myself, but I have noticed other instances where the documentation isn't perfect. All I can do is suggest you switch to the recommended implementation, if you have the refresh token you shouldn't have any problems with expiration.

06-24-2022 06:02
Probably yes, I just wanted to do this quickly.
Thank you mate

06-24-2022 06:26
Thank you, it works for me too
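
An added example, not code from the thread or from Fitbit: a JavaScript check for the implicit-grant redirect shown in the question. It parses the fragment, computes the absolute expiry, and flags the case the accepted answer describes, where the granted `expires_in` is shorter than the requested one. The function name, callback URL and token values are constructed for illustration.

```javascript
// Added example: validate an OAuth 2.0 implicit-grant redirect and compare
// the granted token lifetime with the one that was requested.
// The callback URL and token values below are constructed placeholders.

const SLACK_SECONDS = 60; // tolerance for redirect latency and clock skew

function checkImplicitGrant(redirectUrl, requestedExpiresIn, nowMs = Date.now()) {
  const hashIndex = redirectUrl.indexOf('#');
  if (hashIndex === -1) {
    throw new Error('no URL fragment: not an implicit-grant response');
  }
  // Implicit-grant parameters travel in the fragment, form-encoded.
  const params = new URLSearchParams(redirectUrl.slice(hashIndex + 1));

  const accessToken = params.get('access_token');
  const tokenType = (params.get('token_type') || '').toLowerCase();
  if (!accessToken || tokenType !== 'bearer') {
    throw new Error('fragment lacks a bearer access_token');
  }
  const rawExpiresIn = params.get('expires_in') || '';
  if (!/^\d+$/.test(rawExpiresIn)) {
    throw new Error('expires_in missing or not an integer');
  }
  const expiresIn = Number(rawExpiresIn);

  return {
    accessToken, // keep in memory only; never log it
    scopes: (params.get('scope') || '').split(/\s+/).filter(Boolean),
    expiresIn,
    expiresAt: new Date(nowMs + expiresIn * 1000),
    // false => the server returned less than was asked for. Per the accepted
    // answer, an existing authorization was reused: revoke it, then re-request.
    lifetimeHonoured: expiresIn >= requestedExpiresIn - SLACK_SECONDS,
  };
}

const ONE_YEAR = 31536000;
const NOW = Date.UTC(2022, 5, 24, 6, 0, 0); // fixed clock for the samples
const CALLBACK = 'https://app.example/callback'; // constructed redirect URI

// Constructed responses modelled on the two fragments quoted in the thread.
const reused = checkImplicitGrant(
  CALLBACK + '#access_token=CONSTRUCTED&user_id=CONSTRUCTED&scope=activity' +
  '&token_type=Bearer&expires_in=602529', ONE_YEAR, NOW);
const fresh = checkImplicitGrant(
  CALLBACK + '#access_token=CONSTRUCTED&user_id=CONSTRUCTED&scope=social+heartrate' +
  '&token_type=Bearer&expires_in=31536000', ONE_YEAR, NOW);

console.log(reused.lifetimeHonoured, reused.expiresAt.toISOString());
console.log(fresh.lifetimeHonoured, fresh.expiresAt.toISOString());
```

In a browser the same function can be fed `window.location.href`; storing `expiresAt` lets the client send the user back through authorization before the token lapses, since this flow issues no refresh token.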

