04-19-2018 08:33
04-19-2018 08:33
We've been onboarding users in the same way for some time. They get taken to the Fitbit authorization page, give their credentials, get redirected to a url that includes their authorization code, then we use that authorization code to obtain an access token. But now we are getting 'Authorization code invalid' errors when trying to obtain the access token.
Has the API changed in any way?
The only potentially unconventional thing we are doing is taking the user from the authorization page to an app which then posts the authorization token to our API - our API requests the access token. Like I say, this has worked fine up until now.
Answered! Go to the Best Answer.
04-24-2018 10:15
04-24-2018 10:15
We made a recent change to prevent two client IDs, one to obtain the authorization code and one to obtain the access token, being used to authorize access to user data. You need to use a single client ID during your authorization flow.
04-24-2018 10:15
04-24-2018 10:15
We made a recent change to prevent two client IDs, one to obtain the authorization code and one to obtain the access token, being used to authorize access to user data. You need to use a single client ID during your authorization flow.