05-08-2015 11:02
The problem is if someone (patient A) logs into their Fitbit account and simply closes the browser, Fitbit retains the user credentials. If another individual (patient B) opens up and tries to do OAuth authentication from the same computer and same browser, we will be directed to patient A's authorization page. Is there a way that I can make sure the user has to log in again every time they do OAuth authentication?
I am looking for something like Twitter's OAuth API parameter "force_redirect=true", or Facebook's "auth_type=reauthenticate"
Thanks for any reply.
05-08-2015 11:07
Not yet, but this is a planned feature for our OAuth 2.0 implementation. I do not have an ETA yet.
For OAuth 1.0a, users are always prompted to authorize the application and there is a "Not you?" notice on the bottom of the authorization screen.
05-08-2015 22:39
Would an iframe to the logout page right before the redirect solve this? Is there a reason to avoid that method?
<iframe src="https://www.fitbit.com/logout"></iframe>
05-11-2015 10:12 - edited 05-11-2015 10:22
You should not use that method. There is an officially supported method coming in the next two weeks.
Also, I think Fitbit's X-Frame-Options would block that page from being loaded in an iframe.
02-11-2016 09:46
Hello,
Is there any news on this?
02-11-2016 12:08
Please see the documentation for the OAuth 2.0 Authorization page. The "prompt" URL parameter provides this functionality.
01-06-2022 04:35
@JeremiahFitbit has this changed since this was answered? I am trying to force login for my app and `prompt=login` is not working. I am assuming that "login" is the correct value to pass into the query parameter as I cannot find any documentation on this. The OAuth 2.0 Authorization page you linked to does not mention the `prompt` parameter anywhere.
01-27-2022 05:19