01-20-2023 06:23
01-20-2023 06:23
Hello!
I am experiencing an issue where my spring batch data pipeline is returning an error of invalid grant on refreshing tokens.
The issue seems to be directly linked to users syncing their device with the third party app through fitbit. After the device has synced and tokens have been used sucesfully no issue occurs, but more often than not the tokens become invalid before an exchange of data completes.
I am hoping your logs can point me in the right direction as I'm running out of ideas on how to proceed
Thank you and best wishes,
Nathan
Answered! Go to the Best Answer.
02-01-2023 10:48 - edited 02-01-2023 10:51
02-01-2023 10:48 - edited 02-01-2023 10:51
Hi @Zelab
There is nothing wrong with updating your tokens in batch. However, I do not recommend it for the following reasons:
I'm sure you weighed the value of refreshing the tokens in batch. So, think about the points I mentioned here.
01-23-2023 10:45
01-23-2023 10:45
Hi @Zelab
Would you please provide me with your client ID and a recent example, including timestamps, for when this problem occurred?
Thanks!
Gordon
01-24-2023 01:59
01-24-2023 01:59
{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: 9ac0186011ce20fdb4127c4caf0ba2976c917cd9d1d7204385797f23dfaef627. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}
this most recent example happened within the last hour on this client id
238BYQ
01-31-2023 13:12
01-31-2023 13:12
Hi @Zelab
I was able to find a recent scenario on Jan 30th where the user went through the authorization flow and the refresh token you used failed. What I'm seeing is the user is going through the authorization flow multiple times. Each time they authorization, we update the refresh token. However, you're only storing the first refresh token (which becomes invalid after the second consent) and trying to use it. This will fail because the first refresh token is invalid. Remember, the user can only have 1 refresh token. If the user goes through the authorization flow again, you will receive a new refresh token and will need to update this token for your user. When the user completes the authorization flow, you should receive their user id which can be used to update your database.
Check out this section of documentation, https://dev.fitbit.com/build/reference/web-api/developer-guide/best-practices/#Using-Tokens-Effectiv.... It's basically describing your scenario.
Gordon
02-01-2023 05:41 - edited 02-01-2023 05:45
02-01-2023 05:41 - edited 02-01-2023 05:45
Thank you for looking into this for me Gordon, I really appreciate your response.
I can only guess I am experiencing a race condition issue because my flow is basically
Using spring batch to bulk fetch refresh tokens from database, update the token pair and save them back to the database with the associated user identifying details.
I then fetch the fresh UAT from the database and make a request for data
The issue is intermittent where a users token will randomly fail to refresh, and never fail to access data and maybe like 1/100 users experience it
Thank you for your input, this has been driving me crazy to try and figure out where the issue comes from. I'm still very confused how the new refresh token is not getting saved
02-01-2023 10:48 - edited 02-01-2023 10:51
02-01-2023 10:48 - edited 02-01-2023 10:51
Hi @Zelab
There is nothing wrong with updating your tokens in batch. However, I do not recommend it for the following reasons:
I'm sure you weighed the value of refreshing the tokens in batch. So, think about the points I mentioned here.
02-01-2023 11:02
02-01-2023 11:02
You make an excellent point, I suppose the best alternative is to explore the web hooks/subscription approach and refresh as required
Thank you so much for getting back to me again, you raise an extremely valid point and I will go and venture off to the docs and start my next approach!
Best wishes
Nathan