
Subscription API down?


Hello,

 

Our previously working code is now breaking during creation of subscriptions with valid oauth session. Is this issue related to the device sync issue announced about an hour ago? fitbitstatus.com shows all green at this moment.

 

Thank you,

 

Pawel


Accepted Solutions

Turns out that the subscription API is a touchy beast:

 

The OAuth2 error returned includes a status of 409. Per the documentation here (https://dev.fitbit.com/build/reference/web-api/subscriptions/), 409 results when a user tries to add 2 subscriptions to the same resource:

 

A single user can only subscribe to the same stream once. If a conflict arises trying to add a subscription, the server will respond with an HTTP 409 Conflict. It will still return the same response elements, but in this case, the body will tell you that the subscription already exists so that corrective action must be taken.

In our case, we weren't able to a) create subscriptions b) delete subscriptions.

 

Subscription deletion started working when the scope included:

activity nutrition profile settings sleep weight

and the user account allowed access to all of them.

 

The above also worked for subscription creation, though I suspect settings is related to subscription creation and could be limited to that. But what's a subscription creation without deletion?

 

It would indeed be very helpful for the app to verify the appropriate scope grant upon FitbitAPI doing a callback, so that the application could instruct the user when scopes granted during login differ from the scopes expected by the app. Yes, one could verify the scopes by listing subscriptions (https://dev.fitbit.com/build/reference/web-api/subscriptions/#getting-a-list-of-subscriptions), but that seems inefficient.

 

--p


Hi @PawelRTE,

 

I'm glad you were able to solve your problem.  I read your request and wanted to respond.  We are following the specification when it comes to the authorization response for OAuth2 authorizations.  The Authorization Code Grant Flow response does not return the scopes authorized by the user, https://tools.ietf.org/html/rfc6749#section-4.1.2, while the Implicit Grant Flow response does return the scopes, https://tools.ietf.org/html/rfc6749#section-4.2.2.  

 

Depending on the OAuth2 library you're using, you still might be able to retrieve the scopes authorized by the user for the Authorization Code Grant Flow.  For example, the scribejava OAuth2 library has a method called getRawResponse() which will return the details of the access token, including the scopes authorized by the user.  Check if the library you're using has similar functionality.  If not, our tokens use the JSON Web Token (JWT) format.  

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
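
The scope check discussed in this thread, as an added example that is not part of the original posts and is not Fitbit's or scribejava's code: it compares the scopes in a raw token response against the six scopes the accepted answer needed, and decodes a JWT payload for inspection only (no signature check). It assumes the raw response is the JSON body defined in RFC 6749 section 5.1; the function names and the sample data are constructed for illustration.

```python
import base64
import json

# Scopes the accepted answer needed before subscription deletion worked.
REQUIRED_SCOPES = frozenset("activity nutrition profile settings sleep weight".split())


def missing_scopes(raw_token_response, requested=REQUIRED_SCOPES, required=REQUIRED_SCOPES):
    """Return the required scopes the user did not grant, sorted."""
    body = json.loads(raw_token_response)
    scope = body.get("scope")
    # RFC 6749 section 5.1: "scope" may be omitted only when the grant is
    # identical to the request, so absence means "everything requested".
    granted = set(requested) if scope is None else set(scope.split())
    return sorted(set(required) - granted)


def unverified_jwt_claims(token):
    """Decode a compact JWT payload for inspection; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _b64url(obj):
    """Helper used only to build the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample data: not a real token and not real Fitbit claim names.
SAMPLE_JWT = ".".join(
    [_b64url({"alg": "HS256"}), _b64url({"sub": "CONSTRUCTED-USER"}), "sig"]
)
SAMPLE_RESPONSE = json.dumps(
    {
        "access_token": SAMPLE_JWT,
        "token_type": "Bearer",
        "scope": "activity profile sleep",  # user unticked three scopes
    }
)

if __name__ == "__main__":
    gaps = missing_scopes(SAMPLE_RESPONSE)
    if gaps:
        print("Ask the user to re-authorize; missing scopes:", " ".join(gaps))
    print("Token claims (unverified):", unverified_jwt_claims(SAMPLE_JWT))
```

Running the check in the OAuth callback handler, right after the code-for-token exchange, lets the app prompt for re-authorization before any subscription call is attempted.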