07-17-2015 08:57
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

07-17-2015 08:57
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
I am saving the access token and refresh token. When I refresh the access token before it has expired I am able to do so successfully and I receive a new access token and refresh token.
After the access token has expired for a few hours and I try to use the refresh token I am given an error that the refresh token is not valid. It seems as though the refresh token is expiring as well. Shouldn't the refresh token live forever? Otherwise I would have to have the user authenticate again everytime I desired to poll their data.
{"errors":[{"errorType":"oauth","fieldName":"refresh_token","message":"Refresh token invalid: 48b34e45c9275f902bfe58131b7fb8bb98853406ccdb492608f24321648249c8"}],"success":false}
07-21-2015 15:19
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



07-21-2015 15:19
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
The refresh token does not expire unless it is used or the user re-authorizes your app.

07-21-2015 15:28
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

07-21-2015 15:28
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
This does not seem to be the case. I am not using the refresh token and the user is not re-authorizing the app and it is expiring.

07-23-2015 11:01
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



07-23-2015 11:01
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
I can assure you that this is working properly. Fitbit is using OAuth 2.0 in a few of its own apps and they're able to refresh without issue.
Do you have multiple app workers or environments trying to request a refresh at the same time?

07-23-2015 13:59 - edited 07-23-2015 14:04
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

07-23-2015 13:59 - edited 07-23-2015 14:04
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
edit: doing more testing before reply

07-23-2015 14:10
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post



07-23-2015 14:10
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
I suggest using a tool like Runscope Traffic Inspector. You can get the basic level account for free at https://www.runscope.com/fitbit .
Instead of calling https://api.fitbit.com/ , you'd call something like https://a12bc3d4e5.runscope.net . Runscope will proxy the request to api.fitbit.com. Then, you can see every request and response from the Fitbit API.
This will allow you to verify that your app is making the requests—and only the requests—that you think are being made. You can invite me to view your Runscope bucket by using the email address in my forum profile.

07-23-2015 16:24
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

SunsetRunner
07-23-2015 16:24
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Scott, try this with your simple test script. Register a new application on dev.fitbit.com and use your existing account to authorize it. Record the refresh token and use it again X hours later. Don't use the newly registered application anywhere else except for this test.
I can definitely tell you that OAuth 2.0 refresh tokens do not expire except:
1. If you re-authorize the application, then you get a new refresh token and the old one is invalidated
2. You use the refresh token to obtain a new token and refresh token

08-19-2015 03:36
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

08-19-2015 03:36
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
I can see similar behaviour with my app. After some time, usually <2 days, the refresh token becomes invalid all of a sudden.

08-22-2015 04:52
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

08-22-2015 04:52
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
Our first Fitbit OAuth 2.0 users started using it from 2015-06-08 22:41 +00:00
I'm refreshing the token in about every 2 hour, and they are still ok.
But in some cases, i got 401 error on the refresh so they need to reauthorize the app.
Just dont forget to save every time when you refresing save it.

08-22-2015 11:02
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post

SunsetRunner
08-22-2015 11:02
- Mark as New
- Bookmark
- Subscribe
- Permalink
- Report this post
@xrstf wrote:
I can see similar behaviour with my app. After some time, usually <2 days, the refresh token becomes invalid all of a sudden.
This will only happen if you revoke access to the app or you previously used the refresh token.
If you like, PM me your OAuth 2.0 Client ID and your User ID and I can verify that your account has a valid refresh token on it.

