help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OAuth migration and heart rate

‎07-06-2015 12:25 - edited ‎07-06-2015 12:39

‎07-06-2015 12:25 - edited ‎07-06-2015 12:39

Hi,

 

I have users using OAuth1.0 and I am planning to migrate them to OAuth2.0 without having them go through the complete flow. I will be using the refresh token exchange to do this migration as suggested by Fitbit in api docs. However, I also want to get the heart rate data. The api docs say that

"This will allow an application to upgrade to OAuth 2.0 without requiring users to go through the authorization flow unless the application would like to request access to heart rate and location data"

 

Does it mean that - if my application users want to access their heart rate data - they have to go through complete OAuth workflow again though their credentials are migrated from 1.0 to 2.0 at backend ??

Shouldn't the access be given to all available scopes after this migration ?

 

Best Answer
Labels:
0 Votes
4 REPLIES 4

‎07-06-2015 15:03

‎07-06-2015 15:03

@aditya14641 I think Fitbit has made it very clear that apps will not get access to heart rate data without the user specifically approving the request. So you are correct, while you can migrate them from 1.0 to 2.0, you won't get access to the heart rate data unless they go through the process with the additional scope. I know I certainly don't want all the old applications I have approved under 1.0 to automatically get access to my heart rate data. (I actually wish I much more granular control over what they could access/change.)

Best Answer

‎07-06-2015 15:53

In response to Michael

‎07-06-2015 15:53

So will the user be given privilege to remove other scopes while user is going through complete OAuth process for heart rate scope ?

Best Answer
0 Votes

‎07-06-2015 15:59

In response to aditya14641

‎07-06-2015 15:59

No they can either approve or deny the request as a whole. (I.e. if you ask for something they don't want to share, you don't get anything.)

Best Answer
0 Votes

‎07-13-2015 17:24

In response to aditya14641

‎07-13-2015 17:24

@aditya14641 wrote:

So will the user be given privilege to remove other scopes while user is going through complete OAuth process for heart rate scope ?

Users will have the option to not grant any scope your app requests. (Each scope has a checkbox beside it. Currently, some scope appear as a bullet, but all will be a checkbox by the end of the beta.) You will need to confirm that the user actually gave you scope you requested. Scope is returned in the callback.

Best Answer