
Requests returning 'Unauthorized' without an apparent reason

We are observing an increased number of requests (in the last 12hrs) for Users that are failing with status code 'Unauthorized'.

Even one of our development accounts experienced that without apparent reason.  I need help ASAP understanding the root cause for this issue.


I can provide the account details upon request.

13 REPLIES

@VPTech I would suggest you contact customer service.  The Forums are mainly monitored/replied to by users.  While there are some moderators, your best shot will be to directly contact customer service and they can further assist you.

0 Votes

Thanks for the response. We already have contacted prod support.

0 Votes

Did you get any resolution on this?

I am also getting an error:

javax.servlet.ServletException: Unable to finish authorization with Fitbit.

0 Votes

Please provide details on exactly which API endpoint you're calling and what the exact stack trace/response from Fitbit is. We need more details to be able to triage the issue.

Ivan Bahdanau
Senior Software Developer at Fitbit
0 Votes

Yes, we are seeing this issue intermittently.

 

Following are the steps:

  1. User clicks the button to link Fitbit Flex
  2. User is redirected to the Fitbit OAuth screen
  3. User enters username and password on the Fitbit screen
  4. User clicks on the ‘Allow’ button
  5. Now when the user is redirected to the REDIRECT URL registered with Fitbit for our application, our application is able to see that Fitbit is unable to authorize the user. The error is thrown in the method mentioned in the subject line of this post.

0 Votes

The last step, when the user is redirected to your app, should be processed on the server side of your app.

If you're seeing a ServletException at the last step you described, you need to debug your server code and figure out why the authorization cannot be finished.

Also, when debugging you should see a detailed message from the Fitbit API telling you what can possibly be wrong.

Ivan Bahdanau
Senior Software Developer at Fitbit
0 Votes

I am pretty sure I clicked the allow button.

Still, the following log was generated from the Fitbit API.

This happened not once but many times, not only for me but for many users of our site.

Following is the log:


Caused by: com.fitbit.api.FitbitAPIException: The user has not given access to the account.
at com.fitbit.api.client.http.HttpClient.getOAuthAccessToken(HttpClient.java:223)
at com.fitbit.api.client.FitbitApiClientAgent.getOAuthAccessToken(FitbitApiClientAgent.java:203)
at com.fitbit.api.client.service.FitbitAPIClientService.getTokenCredentials(FitbitAPIClientService.java:105)
... 21 more
Caused by: com.fitbit.api.FitbitAPIException: 401: Authentication credentials were missing or incorrect.
{"errors":[{"errorType":"oauth","fieldName":"oauth_access_token","message":"Invalid signature or token '5ZPJKr6RqjWch5f0+6OpD6VPyGc=' or token '30449e0225c815a115ac6f68f3fd9f48'"}],"success":false}

at com.fitbit.api.client.http.HttpClient.httpRequest(HttpClient.java:461)
at com.fitbit.api.client.http.HttpClient.getOAuthAccessToken(HttpClient.java:220)
... 24 more

0 Votes

I'd say with this response it's most likely that you're not signing your request properly.

Please go to https://dev.fitbit.com/apps/oauthtutorialpage and verify that the signature generated there for getting the permanent access token is the same signature that your code generates. You can go through the whole OAuth 1.0a flow on the Fitbit debug page. If it all works well on the Fitbit debug page, then you need to compare the values you use in your code and the values generated on this page step by step.

Also, can you please check that you don't try to get the permanent access token twice?

Ivan Bahdanau
Senior Software Developer at Fitbit
0 Votes
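
Added example (not part of the original reply and not Fitbit's or the client library's code): an OAuth 1.0a HMAC-SHA1 signer that follows RFC 5849, plus a helper that compares two signature base strings field by field, which is the step-by-step comparison against the debug page described above. The function names are hypothetical, and the sample input is the worked example from the OAuth Core 1.0 specification (Appendix A), not Fitbit credentials.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Assumes url is already normalized and carries no query string.
    # Encode names and values, sort them, join, then encode the result again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "consumer_secret&token_secret". When exchanging a
    # request token for an access token, token_secret is the REQUEST token's.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def differing_fields(mine, reference):
    # Split two base strings into fields and return the names that differ.
    def fields(bs):
        method, url, norm = bs.split("&", 2)
        out = dict(p.split("=", 1) for p in unquote(norm).split("&"))
        out.update({"(method)": method, "(url)": unquote(url)})
        return out
    a, b = fields(mine), fields(reference)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Sample input: OAuth Core 1.0 Appendix A worked example (not Fitbit values).
URL = "http://photos.example.net/photos"
PARAMS = {
    "file": "vacation.jpg", "size": "original",
    "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
    "oauth_nonce": "kllo9940pd9333jh", "oauth_timestamp": "1191242096",
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
}

if __name__ == "__main__":
    print(sign("GET", URL, PARAMS, "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"))
    stale = dict(PARAMS, oauth_timestamp="1191242000")
    print(differing_fields(base_string("GET", URL, stale),
                           base_string("GET", URL, PARAMS)))
```

Paste the base string your code produces and the one shown by the debug page into `differing_fields` to see which parameter diverges before looking at the secrets used for the key.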

We have contacted the support team and been back and forth with them since last week. We haven't gotten any resolution yet. This issue just started randomly affecting some of our users, without them taking any actions whatsoever. Will post if/when we get more info as to why this is happening and potential resolutions.


Thanks VPTech.

I guess you put it in better words.

Same is the case with us: the issue started with the user taking no action whatsoever, and hence we believe that this issue is not on our side.

0 Votes

As I said above, please try to go through the OAuth 1.0a workflow here: https://dev.fitbit.com/apps/oauthtutorialpage

If it doesn't work there, let me know.

Also check out the video in this post: https://community.fitbit.com/t5/Web-API/How-to-properly-sign-API-request-and-set-up-OAuth-1-0a-flow/...

It explains how to use the Fitbit debug tool. Make sure you watch it on a hi-res screen in hi-def mode.

Ivan Bahdanau
Senior Software Developer at Fitbit
0 Votes

Hi ibahdanau

Our APIs have been in place for more than 10 months now and we never got this error before. The development was finished long ago and we are able to link devices.

This error is a sudden thing for many users. Other users are able to link devices with the same piece of code. If our OAuth signatures were incorrect, wouldn't this affect all users at all times?

Has anything changed on the Fitbit side in the last couple of days? I see some issue here:

http://status.fitbit.com/incidents/2015-01-13

0 Votes

aditya14641, please confirm that you're seeing the same issue when you try to go through the OAuth 1.0a flow here: https://dev.fitbit.com/apps/oauthtutorialpage

Also, the issue at status.fitbit.com you're referring to has nothing to do with the OAuth 1.0a flow.

Ivan Bahdanau
Senior Software Developer at Fitbit
0 Votes