04-07-2017 13:49 - edited 04-08-2017 12:42
04-07-2017 13:49 - edited 04-08-2017 12:42
I'm referencing this thread:
https://community.fitbit.com/t5/Web-API-Development/polling-fitbit-api/m-p/1886197#U1886197
How does one detect when a refresh token has expired? There is such a notion for access token. This is concerning the rest of this thread where I ask how to get refresh tokens for users that were spent in error? The answer was to contact fitbit support. The part I don't know is what response from fitbit will clue me in that the refresh tokens are expired (not invalid - which I think means the user revoked access or never gave it in the first place)
Refresh Token Errors
See the Access Token Request - 401 Unauthorized section above for error descriptions that are not specific to refresh token requests. However, for 401 errors that occur during a refresh token request, the API will respond with a WWW-Authenticate header with a value of Bearer realm="api.fitbit.com", rather than a value of Basic realm="[redirect_uri]".
400 Bad Request
Error Response
refresh_token - invalid | {"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: [access_token]"}],"success":false} |
refresh_token - missing | {"errors":[{"errorType":"invalid_request","message":"Missing parameters: refresh_token"}],"success":false} |
grant_type - missing | {"errors":[{"errorType":"invalid_request","message":"Missing 'grant_type' parameter value."}],"success":false} |
grant_type - invalid | {"errors":[{"errorType":"unsupported_grant_type", "message":"The authorization grant_type is not supported."}],"success":false} |