help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Not able to generate access_token

‎11-13-2019 12:00

‎11-13-2019 12:00

  1. Got the access code using the GET request in browser. Used 'login' prompt and allowed access. code was returned in the browser url along with redirect url. Code i received was "a6ecaff0ae74fc56e25cf99138cfe15d46f3df37#_=_" (this has expired already) 
    1. https://www.fitbit.com/oauth2/authorize?client_id=<id>&redirect_uri=<uri>&response_type=code&scope=a...
  2.  Now I am using this code in POSTMAN tool to get the access token.
    1. POST https://api.fitbit.com/oauth2/token
    2. Headers:
      1. Authorization: Basic <clientId:clientSecret> 
        1. Used https://www.base64encode.org/ to endcode clientId:clientSecret
      2. Content-Type: application/x-www-form-urlencoded
    3. Body: 
      1. client_id:<id>
      2. grant_type:authorization_code
      3. redirect_uri:<uri> (this is the same rediret uri defined in fitbit app settings)
      4. code: a6ecaff0ae74fc56e25cf99138cfe15d46f3df37#_=_ <this is actual code received in the step1, please note the additional chars at the end i.e. #_=_ were received from fitbit)
    4. I have also tried sending these body params as query params with url encoded format but that does not work either.
    5. Error received is {"success":false,"errors":[{"errorType":"invalid_token","message":"Access token invalid: VDn4LDmAsmbAtJ07D47sUdnCvmCrJmQha4fx0e3No53IEw6k7OeCO8DmxhFTOmK3. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}]}
Best Answer
Labels:
0 Votes
1 REPLY 1

‎11-15-2019 14:54

‎11-15-2019 14:54

Hi @amittaneja 

 

Thank you for reaching out and providing such detail.   I think the problem is related to #_=_.  You should remove it from the authorization code.  Also, you were correct to send client_id, grant_type, redirect_uri and code as body parameters.

 

Please try this change and let me know if it works for you.

 

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes