Refreshing access token stops working after period of time

I am saving the access token and refresh token. When I refresh the access token before it has expired I am able to do so successfully and I receive a new access token and refresh token.

After the access token has expired for a few hours and I try to use the refresh token I am given an error that the refresh token is not valid. It seems as though the refresh token is expiring as well. Shouldn't the refresh token live forever? Otherwise I would have to have the user authenticate again every time I desired to poll their data.

{"errors":[{"errorType":"oauth","fieldName":"refresh_token","message":"Refresh token invalid: 48b34e45c9275f902bfe58131b7fb8bb98853406ccdb492608f24321648249c8"}],"success":false}

Best Answer
0 Votes
9 REPLIES

The refresh token does not expire unless it is used or the user re-authorizes your app.

Best Answer
0 Votes

This does not seem to be the case. I am not using the refresh token and the user is not re-authorizing the app and it is expiring.

Best Answer
0 Votes

I can assure you that this is working properly. Fitbit is using OAuth 2.0 in a few of its own apps and they're able to refresh without issue.

Do you have multiple app workers or environments trying to request a refresh at the same time?

Best Answer
0 Votes

edit: doing more testing before reply

Best Answer
0 Votes

I suggest using a tool like Runscope Traffic Inspector. You can get the basic level account for free at https://www.runscope.com/fitbit .

Instead of calling https://api.fitbit.com/ , you'd call something like https://a12bc3d4e5.runscope.net . Runscope will proxy the request to api.fitbit.com. Then, you can see every request and response from the Fitbit API.

This will allow you to verify that your app is making the requests—and only the requests—that you think are being made. You can invite me to view your Runscope bucket by using the email address in my forum profile.

Best Answer
0 Votes

Scott, try this with your simple test script. Register a new application on dev.fitbit.com and use your existing account to authorize it. Record the refresh token and use it again X hours later. Don't use the newly registered application anywhere else except for this test.

I can definitely tell you that OAuth 2.0 refresh tokens do not expire except:

1. If you re-authorize the application, then you get a new refresh token and the old one is invalidated

2. You use the refresh token to obtain a new token and refresh token

Best Answer
0 Votes

I can see similar behaviour with my app. After some time, usually <2 days, the refresh token becomes invalid all of a sudden.

Best Answer
0 Votes

Our first Fitbit OAuth 2.0 users started using it from 2015-06-08 22:41 +00:00.
I'm refreshing the token about every 2 hours, and they are still OK.

But in some cases, I got a 401 error on the refresh, so they need to reauthorize the app.
Just don't forget to save it every time you refresh.

Best Answer
0 Votes

@xrstf wrote:

I can see similar behaviour with my app. After some time, usually <2 days, the refresh token becomes invalid all of a sudden.


This will only happen if you revoke access to the app or you previously used the refresh token.
If you like, PM me your OAuth 2.0 Client ID and your User ID and I can verify that your account has a valid refresh token on it.

Best Answer
0 Votes
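
The behaviour the replies describe (a refresh token stops working once it has been used, so a second worker replaying the same token gets "Refresh token invalid"), shown as an added example that is not part of the original thread and is not Fitbit's code. `RotatingServer` is a constructed in-memory stand-in for a token endpoint, and `TokenStore`, `naive_failures` and `coordinated` are hypothetical names; no network calls are made.

```python
import secrets
import threading
class InvalidRefreshToken(Exception): pass

class RotatingServer:
    """Constructed stand-in for a token endpoint with single-use refresh tokens."""
    def __init__(self):
        self.live = secrets.token_hex(8)  # the only refresh token that works
    def refresh(self, refresh_token):
        if refresh_token != self.live:
            raise InvalidRefreshToken("Refresh token invalid")
        self.live = secrets.token_hex(8)  # the presented token dies here
        return {"access_token": secrets.token_hex(8), "refresh_token": self.live}

class TokenStore:
    """Shared by all workers: one refresh at a time, new pair saved every time."""
    def __init__(self, server):
        self._server, self._lock = server, threading.Lock()
        self.refresh_token, self.access_token = server.live, None
    def refresh(self, seen_refresh_token):
        with self._lock:
            # Someone else already rotated: reuse their result, never replay.
            if seen_refresh_token != self.refresh_token:
                return self.access_token
            pair = self._server.refresh(self.refresh_token)
            self.access_token = pair["access_token"]
            self.refresh_token = pair["refresh_token"]
            return self.access_token

def naive_failures(workers=2):
    """Each worker keeps its own copy of the token; count rejected refreshes."""
    server, failures = RotatingServer(), 0
    stale = server.live
    for _ in range(workers):
        try:
            server.refresh(stale)
        except InvalidRefreshToken:
            failures += 1
    return failures

def coordinated(workers=8):
    """All workers go through TokenStore; returns (errors, distinct tokens)."""
    store = TokenStore(RotatingServer())
    seen, results = store.refresh_token, []
    threads = [threading.Thread(target=lambda: results.append(store.refresh(seen)))
               for _ in range(workers)]
    for t in threads: t.start()
    for t in threads: t.join()
    return workers - len(results), len(set(results))
```

In a multi-process deployment the lock and the saved pair would have to live in shared storage (for example a database row updated in one transaction) rather than in process memory.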