
Refresh Token is invalid for users even though access token still works

I have a user in my app whose access token is valid, but when trying to refresh the token, the API says the refresh token is invalid. How is this possible?

 

Best Answer
36 REPLIES 36

In one of my posts above I talked about the fact that using the same Fitbit account in both the production and the tests environments leads to this issue.

 

I kept investigating this issue and I just discovered a simpler way to reproduce it. I just have to connect my application twice (or more) to the same Fitbit account. In this case, the access token keeps working while it is valid but it is not possible to obtain a new one using the refresh token. As soon as it expires we can no longer interact with the Fitbit API.

 

In our application, we synchronize some goals to the corresponding Fitbit activities, for instance the walk goal with the steps activities, the lose weight goal with the weight logs and so on... A user owning a Fitbit device will probably want to connect multiple goals to his Fitbit account. This is the reason this bug is very annoying for us.

 

Note that the access token is still valid as I said above, and we still receive subscriptions. Everything is normal except the refresh token that becomes invalid.

 

Could @AndrewFitbit, @DavidSFitbit or someone else at Fitbit have a look at this issue please?

 

Thanks in advance.

 

Kind regards.

 

Best Answer
0 Votes

Like gmdev, I was able to reproduce this by connecting the same device to multiple accounts.

 

This is also problematic for us since our customers sometimes have multiple accounts through different channels and legitimately want to connect their Fitbit to both accounts. We have no way to link the accounts and no way to see if a given Fitbit account is already connected.  Therefore, we can't even warn the user their first account will break.

Best Answer

I was also able to reproduce this by connecting an account to our production and developer services.

 

 

Best Answer
0 Votes

Maybe this is related to the issue I am having. 

 

I can authorize no problem. But renewal works the first time (I don't think I get a new refresh token) then doesn't work the 2nd time. From reading these forums, perhaps that is how it is supposed to work. But how do I keep a token for constant access?

 

Also I tested it further and I reauthorized fully, then waited 15 mins and it looks like the refresh token stops working. 

 

I got everything working except I need to reauthorize every day despite saving the refresh token and access token on each authorization or refresh. Would love any suggestion you guys might have.

Best Answer
0 Votes

@MattJDavis It sounds like you're not saving the new refresh token. Each time you authorize, you are given a new refresh token (along with the authorization token) and the old one is no longer valid.

Best Answer
0 Votes

Hmm, I'm pretty sure I am, and I've also compared them from authorization to refresh, to multiple refreshes. But alas perhaps I missed it and I could be wrong. I'll double check again tomorrow. Thanks.

Best Answer
0 Votes

@rossiam will a refresh token work after an access token is expired?

Best Answer
0 Votes

We have the same experience as other users in this thread.
Without editing the code in months, in the last weeks more users get disconnected than before.

It looks to happen randomly and even happened to my own user, without me doing anything / revoking my connection.

1) I didn't connect twice with the same Fitbit account
2) I didn't revoke the connection
3) Refreshing the token works most of the time, so it's not always a problem.

 

Is this issue still getting investigated by Fitbit? Or is there a workaround for this problem?

Best Answer

The Fitbit team has been investigating this problem and identified some possible causes. Currently, we are working on the fixes and the changes to make the system more robust. 

Best Answer

We are also facing this issue. The user's token was refreshed at 2017-10-10T22:05:35.503021867Z.

At 2017-10-10T23:20:59.654630244Z, we used this token for refreshing the access token and it said it was invalid.

{"log":"Connection to Fitbit failed with the following error: {\"errors\":[{\"errorType\":\"invalid_grant\",\"message\":\"Refresh token invalid:. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process.\"}],\"success\":false}\n","stream":"stdout","time":"2017-10-10T23:20:59.654630244Z"}.

 

This was done for testing, we do not refresh the access token so often. We do it post the expiry time. 

 

Best Answer
0 Votes

I get this pretty constantly. I've tested it on a friend's commercial account and it worked perfectly. But then invalid grants regularly on my personal. I sent in a support request and was told it's not an issue they monitor it. Feels like they want us to be forced into commercial or human api.

Best Answer
0 Votes

Hello @GokhanFitbit!

Any news regarding the fix of this issue?

Thanks.

Kind regards.

Best Answer
0 Votes

Hello @gmdev,

 

As mentioned before, possible causes and fixes are being investigated. The team is very close to completing the first fix.

It will be announced here as soon as it gets pushed.  

 

Thanks

Best Answer
0 Votes

Can you give us an update on this?

Best Answer

This should be fixed by now.

Best Answer
0 Votes

I seem to be facing this issue recently. I'm not sure how to resolve this. Can you please help us out with this?

Best Answer
0 Votes

"If that user authorizes themselves again as a new user in your system, but uses the same fitbit account credentials, the old authorization will become invalidated."

 

From: https://community.fitbit.com/t5/Web-API-Development/Web-API-Q-s/m-p/1062550/highlight/false#M4026

Best Answer
0 Votes
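
An added example, not written by any poster in this thread and not Fitbit's code: a client-side token store that keeps one token record per Fitbit user id, so that several local goals or accounts linked to the same Fitbit account always use the newest refresh token, and that treats `invalid_grant` as "re-authorization required". `FakeTokenEndpoint`, `TokenStore` and the `rt-N`/`at-N` values are constructed for illustration; the fake endpoint only models the behaviour described in the replies above (each authorization or refresh issues a new refresh token and invalidates the previous one).

```python
import threading

class ReauthorizationRequired(Exception):
    """The stored refresh token was rejected; the user must authorize again."""

class FakeTokenEndpoint:
    """Constructed stand-in for a token endpoint with single-use refresh tokens."""
    def __init__(self):
        self.current = {}   # fitbit_user_id -> the only refresh token still valid
        self.counter = 0

    def authorize(self, fitbit_user_id):
        # A new authorization replaces (invalidates) the earlier grant.
        return self._issue(fitbit_user_id)

    def refresh(self, refresh_token):
        for uid, tok in list(self.current.items()):
            if tok == refresh_token:
                return self._issue(uid)
        # Same error shape as the log line quoted in the thread.
        return {"success": False, "errors": [{"errorType": "invalid_grant"}]}

    def _issue(self, uid):
        self.counter += 1
        self.current[uid] = f"rt-{self.counter}"
        return {"access_token": f"at-{self.counter}",
                "refresh_token": self.current[uid], "user_id": uid}

class TokenStore:
    """One token record per Fitbit user id, shared by every linked local id."""
    def __init__(self, endpoint):
        self.endpoint = endpoint
        self.links = {}     # local goal/account id -> fitbit_user_id
        self.tokens = {}    # fitbit_user_id -> latest token response
        self.lock = threading.Lock()

    def connect(self, local_id, fitbit_user_id):
        with self.lock:
            resp = self.endpoint.authorize(fitbit_user_id)
            self.links[local_id] = resp["user_id"]
            self.tokens[resp["user_id"]] = resp   # overwrite the stale record
            return resp

    def refresh(self, local_id):
        with self.lock:     # serialize: a refresh token can be spent only once
            uid = self.links[local_id]
            resp = self.endpoint.refresh(self.tokens[uid]["refresh_token"])
            if any(e.get("errorType") == "invalid_grant" for e in resp.get("errors", [])):
                del self.tokens[uid]              # never retry a dead token
                raise ReauthorizationRequired(uid)
            self.tokens[uid] = resp               # persist the rotated pair first
            return resp
```

In a real deployment the two dictionaries would be a database table keyed by the `user_id` field of the token response, with the lock replaced by a row-level lock or transaction.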