06-24-2022 03:34
Hi, I'm working on Fitbit API integration via the Implicit Grant flow and trying to increase the token lifetime to one year, but it always returns the same value near `604800` whenever I pass on the `expires_in` parameter.
Here is link example `https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=******&redirect_uri=*******&sc...
And response example `*******#access_token=*******&user_id=******&scope=activity&token_type=Bearer&expires_in=602529`
06-24-2022 04:17
Is this before requesting the bearer token? Why does it say token_type=Bearer?
06-24-2022 05:11
@simon238 wrote: Is this before requesting the bearer token? Why does it say token_type=Bearer?
Not sure that I understand you correctly. I'm following this guide https://dev.fitbit.com/apps/oauthinteractivetutorial and the response is the same as in step 2.
06-24-2022 05:33 - edited 06-24-2022 05:37
Ah ok, that is probably the maximum length of time allowed by the fitbit API. Typically you would just use the refresh_token to request a new bearer token when that one has expired. This wouldn't require revalidation by the user. You need to keep track of the expiration time and the refresh_token. This is done for security reasons; using the refresh token requires the client secret, whereas the bearer token does not.
604800 s — or 7 days — is actually a really long time for a bearer token to be valid for, typically default values are 1 hour.
06-24-2022 05:43
But the documentation says `The user may specify a lifetime for the access token up to one year.`
Via the implicit grant flow I'm obtaining only an access token, without a refresh token, so when it expires the user should pass authorization again.
06-24-2022 05:57
Ah sorry, you're right. I've not used that implementation myself, but I have noticed other instances where the documentation isn't perfect. All I can do is suggest you switch to the recommended implementation; if you have the refresh token, you shouldn't have any problems with expiration.
06-24-2022 06:02
Probably yes, I just wanted to do this quickly.
Thank you mate
06-24-2022 06:08 - edited 06-24-2022 06:09
Actually I think I've found out why:
You need to revoke access in your Fitbit profile and re-request with the new value. Otherwise it's giving you the original token with the original expiry time.
This worked for me:
`social+heartrate&token_type=Bearer&expires_in=31536000`
06-24-2022 06:26
Thank you, it works for me too
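A client-side check for the behaviour discussed in this thread, as an added example that is not part of any post and not Fitbit's code: it builds the implicit-grant request with `expires_in` and reports when the redirect fragment grants a shorter lifetime than requested, which the accepted answer attributes to an existing authorization being reused. The function names, the `app.example` redirect URI and the sample token values are constructed for illustration.

```javascript
// Added example: function names and sample values are constructed.
const AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize"; // from the question

// Build the implicit-grant request with an explicit lifetime in seconds.
function buildAuthorizeUrl({ clientId, redirectUri, scope, expiresIn }) {
  const query = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scope.join(" "),
    expires_in: String(expiresIn),
  });
  return `${AUTHORIZE_URL}?${query}`;
}

// Parse the redirect fragment and compare the granted lifetime with the request.
function checkGrant(redirectUrl, requestedSeconds, nowMs = Date.now()) {
  const params = new URLSearchParams(new URL(redirectUrl).hash.slice(1));
  const granted = Number(params.get("expires_in"));
  if (!params.get("access_token") || params.get("token_type") !== "Bearer" ||
      !Number.isInteger(granted) || granted <= 0) {
    throw new Error("not a usable implicit-grant response");
  }
  return {
    granted,
    expiresAt: new Date(nowMs + granted * 1000), // track this; there is no refresh token
    scopes: (params.get("scope") || "").split(" ").filter(Boolean),
    // Per the accepted answer, an existing authorization hands back the
    // original token with its original expiry, so the value comes back short.
    shorterThanRequested: granted < requestedSeconds,
  };
}

// Constructed redirects shaped like the two responses quoted in the thread.
const ONE_YEAR = 31536000;
const STALE = "https://app.example/cb#access_token=CONSTRUCTED&user_id=X&scope=activity&token_type=Bearer&expires_in=602529";
const FRESH = "https://app.example/cb#access_token=CONSTRUCTED&user_id=X&scope=social+heartrate&token_type=Bearer&expires_in=31536000";

for (const [label, url] of [["stale", STALE], ["fresh", FRESH]]) {
  const r = checkGrant(url, ONE_YEAR);
  console.log(label, r.granted, r.expiresAt.toISOString(), r.shorterThanRequested);
}
```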