01-31-2019 07:36
01-31-2019 07:36
We have been using Fitbit API since 4 years and we are into a situation where more than 2000+ user Refresh token has become invalid starting from 23 Jan 2019. We cannot get all the 2000+ user to Authenticate Fitbit to our Web service as we do not store their email id Or contact info.
We are Syncing the Fitbit user activity and nutrition data by specific time interval on our server. It was working fine until that day and stopped syncing the data. When checked we are receiving the invalid refresh token error message. We need a quick solution for getting the new refresh token for further data sync and reporting.
We are on oAuth 2.0 protocol implemented.
02-19-2019 10:59
02-19-2019 10:59
@shashi and @catteneo22, would you please private message me a couple of user ids that you're having trouble with the refresh tokens? I'll do some investigation on our side.
02-25-2019 06:32
02-25-2019 06:32
Hi
Basically we would be providing trackers to our players to monitor their activities.. So we would like players to authorize our application in order to track their activities.. I need help in these cases
1. How can i get list of users who authorized my application?
2. How can i get activities of all users who authorized my application?
3. Each time do i need to save refresh access token to access my user's activities or can i have any permanent token?
Hoping for your support..
Regards,
Ananthan
05-16-2019 10:49
05-16-2019 10:49
Having a similar issue and sent Gordon a PM as he requested above from the OP. Should I open a new issue?
05-17-2019 15:50
05-17-2019 15:50
Hi @Kevin_H
Thank you for sending me the additional information. I'll research the problem and get back to you.
Gordon
05-29-2019 13:07
05-29-2019 13:07
Hi @Kevin_H
Thank you letting me know the problem correlated with a system loss on your end.
Best regards,
Gordon
05-30-2019 09:10 - edited 05-30-2019 09:15
05-30-2019 09:10 - edited 05-30-2019 09:15
For the benefit of anyone else who might be helped by knowing how I messed up, it was following an event that required restoring the DB from backup, and the restored tokens had been refreshed in the meantime. Of course, in the spirit of classic programmer blame deflection, it's a pity the Fitbit elected to return a new refresh token on every refresh (OAuth2 spec says it's optional). This actually has a significant side effect in that it limits recoverability in the (vanishingly rare) case where the refresh request makes it to Fitbit but the response gets lost.