07-17-2015 08:57
07-17-2015 08:57
I am saving the access token and refresh token. When I refresh the access token before it has expired I am able to do so successfully and I receive a new access token and refresh token.
After the access token has expired for a few hours and I try to use the refresh token I am given an error that the refresh token is not valid. It seems as though the refresh token is expiring as well. Shouldn't the refresh token live forever? Otherwise I would have to have the user authenticate again everytime I desired to poll their data.
{"errors":[{"errorType":"oauth","fieldName":"refresh_token","message":"Refresh token invalid: 48b34e45c9275f902bfe58131b7fb8bb98853406ccdb492608f24321648249c8"}],"success":false}
07-21-2015 15:19
07-21-2015 15:19
The refresh token does not expire unless it is used or the user re-authorizes your app.
07-21-2015 15:28
07-21-2015 15:28
This does not seem to be the case. I am not using the refresh token and the user is not re-authorizing the app and it is expiring.
07-23-2015 11:01
07-23-2015 11:01
I can assure you that this is working properly. Fitbit is using OAuth 2.0 in a few of its own apps and they're able to refresh without issue.
Do you have multiple app workers or environments trying to request a refresh at the same time?
07-23-2015 13:59 - edited 07-23-2015 14:04
07-23-2015 13:59 - edited 07-23-2015 14:04
edit: doing more testing before reply
07-23-2015 14:10
07-23-2015 14:10
I suggest using a tool like Runscope Traffic Inspector. You can get the basic level account for free at https://www.runscope.com/fitbit .
Instead of calling https://api.fitbit.com/ , you'd call something like https://a12bc3d4e5.runscope.net . Runscope will proxy the request to api.fitbit.com. Then, you can see every request and response from the Fitbit API.
This will allow you to verify that your app is making the requests—and only the requests—that you think are being made. You can invite me to view your Runscope bucket by using the email address in my forum profile.
07-23-2015 16:24
07-23-2015 16:24
Scott, try this with your simple test script. Register a new application on dev.fitbit.com and use your existing account to authorize it. Record the refresh token and use it again X hours later. Don't use the newly registered application anywhere else except for this test.
I can definitely tell you that OAuth 2.0 refresh tokens do not expire except:
1. If you re-authorize the application, then you get a new refresh token and the old one is invalidated
2. You use the refresh token to obtain a new token and refresh token
08-19-2015 03:36
08-19-2015 03:36
I can see similar behaviour with my app. After some time, usually <2 days, the refresh token becomes invalid all of a sudden.
08-22-2015 04:52
08-22-2015 04:52
Our first Fitbit OAuth 2.0 users started using it from 2015-06-08 22:41 +00:00
I'm refreshing the token in about every 2 hour, and they are still ok.
But in some cases, i got 401 error on the refresh so they need to reauthorize the app.
Just dont forget to save every time when you refresing save it.
08-22-2015 11:02
08-22-2015 11:02
@xrstf wrote:
I can see similar behaviour with my app. After some time, usually <2 days, the refresh token becomes invalid all of a sudden.
This will only happen if you revoke access to the app or you previously used the refresh token.
If you like, PM me your OAuth 2.0 Client ID and your User ID and I can verify that your account has a valid refresh token on it.