help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a way to force user to login again for oauth authentication?

ANSWERED

‎05-08-2015 11:02

‎05-08-2015 11:02

The problem is if someone (patient A) logs into their fitbit account and simply closed the browser, Fitbit retains the user credentials. If another individual (patient B) opens up and try to do oauth authentication from the same computer and same browser, we will be directed to paitent A's authorization page. Is there a way that I can make sure user has to login again everything time they do oauth authentication?

 

I am looking for something like Twitter's OAuth API parameter "force_redirect=true", or Facebook's "auth_type=reauthenticate"

 

Thanks for any reply.

Best Answer
Labels:
1 BEST ANSWER

Accepted Solutions

‎05-08-2015 11:07

‎05-08-2015 11:07

Not yet, but this is a planned feature for our OAuth 2.0 implementation. I do not have an ETA yet.

 

For OAuth 1.0a, users are always prompted to authorize the application and there is a "Not you?" notice on the bottom of the authorization screen.

View best answer in original post

Best Answer
7 REPLIES 7

‎05-08-2015 11:07

‎05-08-2015 11:07

Not yet, but this is a planned feature for our OAuth 2.0 implementation. I do not have an ETA yet.

 

For OAuth 1.0a, users are always prompted to authorize the application and there is a "Not you?" notice on the bottom of the authorization screen.

Best Answer

‎05-08-2015 22:39

‎05-08-2015 22:39

Would an iframe to the logout page right before the redirect solve this? Is there a reason to avoid that method?

 

<iframe src="https://www.fitbit.com/logout"></iframe>

 

 

 

Best Answer
0 Votes

‎05-11-2015 10:12 - edited ‎05-11-2015 10:22

In response to derekm

‎05-11-2015 10:12 - edited ‎05-11-2015 10:22

You should not use that method. There is an officially supported method coming in the next two weeks.

 

Also, I think Fitbit's X-Frame-Options would block that page from being loaded in an iframe.

Best Answer
0 Votes

‎02-11-2016 09:46

In response to JeremiahFitbit

‎02-11-2016 09:46

Hello, 

 

Is there any news on this? 

 

 

Best Answer
0 Votes

‎02-11-2016 12:08

In response to amicoleo

‎02-11-2016 12:08

Please see the documentation for the OAuth 2.0 Authorization page. The "prompt" URL parameter provides this functionality.

Best Answer
0 Votes

‎01-06-2022 04:35

In response to JeremiahFitbit

‎01-06-2022 04:35

@JeremiahFitbit has this changed since this was answered? I am trying to force login for my app and `prompt=login` is not working. I am assuming that "login" is the correct value to pass into the query parameter as I cannot find any documentation on this. The OAuth 2.0 Authorization page you linked to does not mention the `prompt` parameter anywhere.

Best Answer
0 Votes

‎01-27-2022 05:19

In response to Mick17

‎01-27-2022 05:19

@Mick17Check that page: https://dev.fitbit.com/build/reference/web-api/authorization/authorize/

Best Answer
0 Votes