Token Request Error : Authorization code invalid

I am trying to use the authorization code flow and use the authorization URL link. After clicking on the link I am forwarded to the redirect URL, where I get the code from the URL link. Then I paste the code into the section 1A Get Code, and then use the Hurl.it site to get the token.

On this page I had to enter a missing field such as Authorization : Basic XXXXX, and rename the field clientid to client_id. 

But after launching the request I am getting an error: Bad request 400, "message": "Authorization code invalid", "errorType": "invalid_grant".

Any idea of what I am doing wrong ? This code is automatically copied from previous page.

 

 

Best Answer
0 Votes
4 REPLIES 4

I got one more question. 

 

https://dev.fitbit.com/build/reference/web-api/oauth2/#redirect-uris

This article describes what parameters are sent when using the Implicit Grant Redirect URI Parameters.

 

But I am using the Authorization Code Grant Flow and there is no description of what parameters are sent. Looking at the request I am getting from the FitBit server, it seems to me that only the code (authorization) and redirect_url values are sent. I am wondering why there are no fields such as client_id or user_id.

 

I would appreciate any feedback you can provide.

Thanks! Radim

 

 

Best Answer
0 Votes

@RadimV once you exchange your code for the token you should be good.

The response that you got in Hurl will contain an access token and a refresh token. You need to copy and paste this response into section [2: Parse Response]. However, it is just JSON format and very easily parseable.

Once you exchange your code for a token you can start making requests.

However, you need to be using a Bearer token, not Basic.

Best Answer
0 Votes

Thanks, it is working right now.

Anyway ...

1) It seems to me that the authorization code is valid for less than 1 hour as mentioned in the Authorize section. Here the default value for expiration is 604800 ms, which is 10 min, but when I try to use this auth. code several times after a while, I get an error message: invalid auth. code

2) When I click on the authorization URL I am still getting an error:

 

An internal server error occured: Sequential processing failed for number 0. Exchange[ID-vsa3646630-42521-1517320926139-178-351]. Caused by: [org.apache.camel.component.ahc.AhcOperationFailedException - HTTP operation failed invoking https://api.fitbit.com/1/user/-/activities/apiSubscriptions/xxxxx.json with statusCode: 409].
The MPL ID for the failed message is : AFp8PsVVufSrckkhNuryazp7UXQ7
For more details please check tail log.

Any idea?

In our system I can see in the log: org.apache.camel.component.ahc.AhcOperationFailedException: HTTP operation failed invoking https://api.fitbit.com/1/user/-/activities/apiSubscriptions/xxxx.json with statusCode: 409

Any idea? Where can I find the tail.log?

3) Can I share the same ID subscription among more than one FitBit account?

4) Do I need to fill in the subscriber/endpoint URL field before clicking on the authorization URL link?

Best Answer
0 Votes

@RadimV

1) Yes, the authorization code is short-lived. We expect you to exchange your authorization code as soon as you receive it. Also, you can only use an authorization code once. Once you use it, the code becomes invalid.

2) I'm not exactly sure what you are trying to do here. The [subscriptions api] and [access_token(AT)+refresh_token(RT) acquire] are two different cases. First, you get an AT + RT when you go through the OAuth2.0 authorization code flow. After that you can (optionally) add subscriptions as described here: https://dev.fitbit.com/build/reference/web-api/subscriptions/

My best guess here would be that you're trying to use your subscription URL as your callback URL. If this is what is happening, then you need to update your code to use the real callback URL that you specified in your app settings under the "Callback URL" section.

3) Yes, you can have 1 subscription URL for all actions/users. Or you can have several subscription URLs - up to you.

4) No, you don't have to do that. The Subscriptions API is a completely separate and independent feature from the OAuth2.0 flow. You can use the Fitbit API and have zero subscriptions. The Subscriptions API is an optional feature.

 

Best Answer
0 Votes
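
The behaviour described in the answers above (Basic credentials on the token request, a short-lived code that can be redeemed only once, Bearer on later API calls), as an added example that is not part of any post and is not Fitbit's code. It is a toy model of a token endpoint that runs offline; the class and function names, the 600-second lifetime, the `invalid_client` error type and all credential values are constructed assumptions.

```python
import base64, secrets, time

CODE_TTL = 600  # assumed lifetime in seconds; the thread only says "short-lived"

class TokenEndpoint:
    """Toy authorization server (hypothetical): each code is redeemable once."""
    def __init__(self, client_id, client_secret, redirect_uri, clock=time.time):
        self.client = (client_id, client_secret, redirect_uri)
        self.codes = {}    # authorization code -> expiry timestamp
        self.clock = clock

    def issue_code(self):
        code = secrets.token_hex(20)
        self.codes[code] = self.clock() + CODE_TTL
        return code

    def exchange(self, headers, form):
        cid, secret, redirect = self.client
        expected = "Basic " + base64.b64encode(f"{cid}:{secret}".encode()).decode()
        if not secrets.compare_digest(headers.get("Authorization", ""), expected):
            return 401, {"errorType": "invalid_client"}
        # pop() consumes the code on first use, so a replayed code is unknown
        expiry = self.codes.pop(form.get("code"), None)
        if (expiry is None or self.clock() > expiry
                or form.get("client_id") != cid or form.get("redirect_uri") != redirect):
            return 400, {"errorType": "invalid_grant"}
        return 200, {"access_token": secrets.token_urlsafe(32),
                     "refresh_token": secrets.token_urlsafe(32), "token_type": "Bearer"}

def build_token_request(client_id, client_secret, code, redirect_uri):
    # Token request: client credentials go in a Basic header, the code in the form
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "redirect_uri": redirect_uri}
    return headers, form

def api_headers(token_response):
    # Resource requests after the exchange carry the access token as Bearer
    return {"Authorization": f"Bearer {token_response['access_token']}"}

def demo():
    now = [0.0]  # fake clock so expiry can be shown without sleeping
    cid, secret, uri = "22ABCD", "constructed-secret", "https://app.example/callback"
    server = TokenEndpoint(cid, secret, uri, clock=lambda: now[0])
    request = build_token_request(cid, secret, server.issue_code(), uri)
    first, replay = server.exchange(*request), server.exchange(*request)
    stale = build_token_request(cid, secret, server.issue_code(), uri)
    now[0] += CODE_TTL + 1
    return first, replay, server.exchange(*stale)
```

`demo()` returns the results of a first exchange, a replay of the same code, and an exchange of an expired code; only the first succeeds, and the other two produce the same `invalid_grant` error type quoted in the question.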