Solved: OAuth 2.0 expiresIn value

ibiss2016 · ‎07-12-2016

Hi, we're just starting to migrate over to OAuth 2.0 and noticed the 'expiresIn' value in the Access Token response (Authorization Code Grant Flow) comes back as: 28800.

The documentation says it should be 3600, so why is it coming back as 28800?

Many thanks.

JeremiahFitbit · ‎07-12-2016

We just released this. 🙂 Documentation will be updated shortly.

Our new default lifetime for refreshable access tokens is 8 hours. You can explicitly request a 1 hour access token by setting expires_in=3600 in your access and refresh token requests.

View best answer in original post

JeremiahFitbit · ‎07-12-2016

We just released this. 🙂 Documentation will be updated shortly.

Our new default lifetime for refreshable access tokens is 8 hours. You can explicitly request a 1 hour access token by setting expires_in=3600 in your access and refresh token requests.

SteppyBob · ‎01-06-2017

It appears that in API docs, the "Body Parameters" section has been updated to reflect the new 28800 default, but in the "Refreshing Tokens" section that follows, the copy reads:

When using the Authorization Code Grant flow, the access tokens have a one-hour lifetime.

Does this need to be updated as well, or am I mistaking this for something else?

AndrewFitbit · ‎01-07-2017

@SteppyBob Yeah that needs to be updated since the default is 8 hours. Thanks.

Andrew | Community Moderator, Fitbit

What motivates you?

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

OAuth 2.0 expiresIn value

ibiss2016

JeremiahFitbit

JeremiahFitbit

SteppyBob

AndrewFitbit