Invalid refresh token

dferrari · ‎02-23-2016

I am receiving an error about the refresh token being invalid whenever I try to obtain a new access token. I can obtain and store both the access and the refresh token; in fact, I can make API calls with the access token without any problems. Am I supposed to wait for the access token to expire before I try to refresh it?

karkum1 · ‎02-24-2016

We are also seeing similar problems when refreshing tokens (both oauth1->2.0 and with just oauth 2.0). Do you have any suggestions @dferrari? Were you able to find the root cause?

dferrari · ‎02-24-2016

@karkum1, I found a solution to the problem but I am not sure that it might be helpful to you.

In a nutshell, my implementation was erroneous as the documentation in "Using OAuth 2.0" is a bit unclear. In particular, the documentation says:

Your application stores the access token and refresh token. It will use the access token to make requests to the Fitbit API. It will use the refresh token to obtain a new access token when the access token expires without having to re-prompt the user.

What this paragraphs doesn't mention is that the application will use the refresh token to obtain a new access token and a new refresh token. Refresh tokens are only meant to be used once. Not knowing this bit of information, I was trying to reuse the same refresh token, resulting in the error I was seeing. What led me to the solution was a post from @JeremiahFitbit on this thread:

This error means that the refresh token is not valid or has already been used. Do you have any concurrent requests for refresh tokens?

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Invalid refresh token

dferrari

karkum1

dferrari