help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unannounced breaking changes to error responses around 11AM PDT today?

ANSWERED

‎10-15-2015 14:23 - edited ‎10-15-2015 14:29

‎10-15-2015 14:23 - edited ‎10-15-2015 14:29

Hey Fitbit,

 

We got our OAuth 2.0 integration all completed and it was working great. But as of this morning (around 11 am PDT), it seems that you have changed the error that is sent when there is an error refreshing token, along with the status code. I don't see anything in the docs or the forums about the changes.

 

Previously we were seeing this sent back as a 401 when getting token refresh errors:

 

{"errors":[{"errorType":"oauth","fieldName":"refresh_token","message":"Refresh token invalid: <user refresh token here>"}],"success":false}

Now we are seeing this sent back as a 400:

{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid or expired: <user refresh token here>. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

Access token error responses also changed in the same way (error_type changed, response status code changed).

 

So I just want to make sure that you changed it without updating docs/sending out notices/warnings and I'm not going crazy.

 

Things like this are a breaking change for some apps, like ours. We've now had users incorrectly notified of failed account statuses because of these unannounced changes. Now that OAuth 2.0 is out of beta I thought that we would get greater than 30 days notice before a breaking change...

 

Thanks!

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎10-15-2015 14:37

‎10-15-2015 14:37

Hi @robbiet480, we actually did announce changes to the error responses on Monday. Unfortunately, there was a production release delay, so they did not get released until today.

View best answer in original post

Best Answer
0 Votes
2 REPLIES 2

‎10-15-2015 14:37

‎10-15-2015 14:37

Hi @robbiet480, we actually did announce changes to the error responses on Monday. Unfortunately, there was a production release delay, so they did not get released until today.

Best Answer
0 Votes

‎10-15-2015 14:40

In response to JeremiahFitbit

‎10-15-2015 14:40

@JeremiahFitbit Yup, you're right. I remembered seeing that line in the email but didn't realize it until you mentioned it. When I started debugging this this morning I was working off the developer docs which still seem to be using the old format, and there was no note that I found on the page about changes to errors.

 

As always, thanks Jeremiah!

Best Answer
0 Votes