
Suddenly getting invalid_grant "Authorization code invalid" error?

Hi! I've been running a small system for about a year now, which always worked reliably. As of about a week ago I'm getting invalid_grant for any OAuth token I try to create. No code changes on my end. I did see the topic titled "I can no longer get authentication_token and refresh_token", but I don't store the code, so I think it's not relevant to my issue.

I first redirect users to "https://www.fitbit.com/oauth2/authorize" with appropriate parameters - again, these haven't changed for like a year!

The callback from Fitbit provides me with the code, which I then use to call "https://api.fitbit.com/oauth2/token", providing the "code" I was just passed.

I can see clearly from my logs that "code" is the same as the one that Fitbit called back with, and this code is not stored - it differs from other codes generated further up in the log, and the state contains the unique value I generated for this OAuth call!

The response from "/token" comes back with the invalid_grant error.

Any idea why this may have changed? Was there perhaps an update to Fitbit's OAuth2 implementation I'm not aware of?

Thanks heaps!!
1 REPLY

There were no changes in the code flow recently as far as I can tell.

Can you please try using the code flow on this page: https://dev.fitbit.com/apps/oauthinteractivetutorial and let me know if it works.

While you test it, make sure that your app is not listening for callbacks with codes; otherwise your app will accept the code and exchange it for a token, and each code can only be used once.

Also, can you please confirm whether every single request is affected or just some of them?

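The single-use rule mentioned in the reply, shown as an added example that is not part of the thread and is not Fitbit's code: a toy in-memory token endpoint that returns `invalid_grant` for each condition RFC 6749 section 5.2 lists for that error (code unknown, already redeemed, expired, issued to another client, or redirect URI mismatch). The class name, client ID, callback URL, 10-minute lifetime and the `reason` field are assumptions made for illustration.

```python
import secrets
import time

CODE_TTL = 600  # seconds; assumed lifetime (RFC 6749 recommends at most 10 minutes)


class ToyAuthServer:
    """In-memory model of an RFC 6749 token endpoint (hypothetical, not Fitbit's)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes = {}  # authorization code -> grant record

    def issue_code(self, client_id, redirect_uri):
        code = secrets.token_hex(20)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "expires": self.clock() + CODE_TTL, "used": False}
        return code

    def exchange(self, client_id, code, redirect_uri):
        grant = self.codes.get(code)
        if grant is None:
            return self._deny("unknown code")
        if grant["used"]:
            return self._deny("code already redeemed")
        if self.clock() > grant["expires"]:
            return self._deny("code expired")
        if grant["client_id"] != client_id:
            return self._deny("code issued to another client")
        if grant["redirect_uri"] != redirect_uri:
            return self._deny("redirect_uri mismatch")
        grant["used"] = True  # a code is redeemable exactly once
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

    @staticmethod
    def _deny(reason):
        # A real server returns only the error code; "reason" exists for this demo.
        return {"error": "invalid_grant", "reason": reason}


def demo():
    srv = ToyAuthServer()
    cb = "https://app.example/callback"  # constructed sample value
    code = srv.issue_code("CLIENT", cb)
    first = srv.exchange("CLIENT", code, cb)   # whichever listener redeems first wins
    second = srv.exchange("CLIENT", code, cb)  # same code again: invalid_grant
    return first, second


if __name__ == "__main__":
    print(demo())
```

Because every branch produces the same `invalid_grant` on the wire, logging the exact `redirect_uri`, the age of the code and whether the callback fired more than once for the same `state` is what separates these cases on the client side.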