help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Refresh Access Token

‎06-03-2020 01:17

‎06-03-2020 01:17

Hi Fitbit Community,

 

I am dealing with the application of getting Fitbit footsteps data developed 2 years ago. Starting from 18May, the data import is not allowed. I am new to the Fitbit API so I am not sure how to fix the problem. It is developed as follow to get the access token of each user:

 

  1. login to a user account
  2. application shall browse "https://www.fitbit.com/oauth2/authorize?response_type=token&client_id=[XXXXXX]&redirect_uri=https%3A...
  3. redirect to "https://www.[company].com/fitbit/callback#access_token=[XXXXXX]&user_id=[XXXXXX]&scope=heartrate+activity&token_type=Bearer&expires_in=9923538"
  4.  redirect to authorization page to allow all data
  5. save the access token from the url

However, it is now failed in Step3. The VS default browser is IE and it is shown "This site is not secure". So not able to access to authorization page and not able to revoke the token.

 

Best Answer
Labels:
0 Votes
3 REPLIES 3

‎06-03-2020 19:00

‎06-03-2020 19:00

using (HttpClient client = new HttpClient())
{
string encodedAuth = Base64Encode("XXXXXX:xxxxxxxxxxxxxxxxxxxxx");
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("token", staff.AccessToken),
});

//var content = new FormUrlEncodedContent(values);

client.BaseAddress = new Uri("https://api.fitbit.com/oauth2/revoke");
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", encodedAuth);
client.Timeout = TimeSpan.FromSeconds(30);

HttpResponseMessage response = await client.PostAsync("https://api.fitbit.com/oauth2/revoke", content); <-------Error occurred in this line
string responseString = await response.Content.ReadAsStringAsync();
return response;
}

Best Answer
0 Votes

‎06-09-2020 14:01

In response to SunsetRunner

‎06-09-2020 14:01

Hi @SunsetRunner,

 

Welcome to the forums!

 

Before I jump into any conclusions, can you DM me a screenshot of your application details at dev.fitbit.com?

 

It sounds like there is confusion between which authorization flow you are using to authorize your users. The authorization URL you provided is associated to the Implicit grant flow because you have response_type=token in your URL parameters. The subject of your post indicates that you are using the authorization code grant flow since the refresh token endpoint is only used in this style of authorization.

 

Can you let me know if you are using the authorization code grant flow or the implicit grant flow

 

Hope to hear from you soon!

Best Answer
0 Votes

‎06-15-2020 13:15

In response to JohnFitbit

‎06-15-2020 13:15

This was resolved via email. Root cause was due to the deprecation of TLS 1.0 and TLS 1.1. For reference, please see https://community.fitbit.com/t5/Web-API-Development/Deprecating-Support-for-TLS-1-0-and-TLS-1-1-on-M...

Best Answer
0 Votes