help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

oAuth2 refresh access token

‎02-16-2016 07:47 - edited ‎02-16-2016 07:48

‎02-16-2016 07:47 - edited ‎02-16-2016 07:48

Hi i keep getting this weird message......

 

1)  This step is Fine.

 

[errors] => Array
        (
            [0] => Array
                (
                    [errorType] => expired_token
                    [message] => Access token expired: eyJhbGciOi******.eyJleHAiOjE0NTU2MjU4NTksInNjb3BlcyI6InJ3ZWkgcnBybyByaHIgcmxvYyBybnV0IHJzbGUgcnNldCByc29jIHJhY3QiLCJzdWIiOiI0OThaUFMiLCJhdWQiOiIyMjdGUUIiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTU2MjIyNTl9.xGsTAtK4vXoDyTnK6XPaxze-nsdLFJjIik8q9G3_yz8. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process.
                )

        )

    [success] =>

2) I check to see if my current tokens are what i think they are

 

Array
(
    [access_token] => eyJhbGciOi***************.eyJleHAiOjE0NTU2MjU4NTksInNjb3BlcyI6InJ3ZWkgcnBybyByaHIgcmxvYyBybnV0IHJzbGUgcnNldCByc29jIHJhY3QiLCJzdWIiOiI0OThaUFMiLCJhdWQiOiIyMjdGUUIiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJpYXQiOjE0NTU2MjIyNTl9.xGsTAtK4vXoDyTnK6XPaxze-nsdLFJjIik8q9G3_yz8
    [expires_in] => 3600
    [refresh_token] => c5b6f63bf10669d580f5466275c28877a***************d90e599e557a0
    [scope] => sleep heartrate activity social nutrition settings profile location weight
    [token_type] => Bearer
    [user_id] => 498***
)

 

So that looks oke right? 

 

Step 3) The actual request to refresh my access token. Returns:

 

[errors] => Array
        (
            [0] => Array
                (
                    [errorType] => invalid_grant
                    [message] => Refresh token invalid: c5b6f63bf10669d580f5466275c28877a*************************d90e599e557a0. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process.
                )

        )

    [success] =>

 

What is it that I do wrong here? Yes i have the Authorization headers set, i also have ""Content-Type"  => "application/x-www-form-urlencoded;charset=UTF-8". I really don't get it. Thanks for helping out!

 

Cheers,

 

Digital Human

 

Best Answer
Labels:
0 Votes
9 REPLIES 9

‎02-16-2016 13:54

‎02-16-2016 13:54

Hey @DigitalHuman, check out this related thread here. You also might want to take a look at our docs for token request errors. Hopefully that helps. 🙂

Andrew | Community Moderator, Fitbit

What motivates you?
Best Answer
0 Votes

‎02-17-2016 05:48

In response to AndrewFitbit

‎02-17-2016 05:48

Hi Andrew,

 

Thanks but no this doesn't solve anything. As you can see i use the received refresh token. Still, fitbit tells me this is an invalid token.

 

Cheers

Best Answer
0 Votes

‎02-17-2016 07:02 - edited ‎02-17-2016 07:56

‎02-17-2016 07:02 - edited ‎02-17-2016 07:56

Were there any responses for this? I am getting the same error (the refresh token is invalid, but it cannot be as i am using the one given by Fitbit during the last refresh). The weird part is that i am seing this just for some of the refresh tokens, while most work just fine. 

Also, I want to mention we are handling any potential race conditions by using distributed locks.

Best Answer

‎02-17-2016 07:04

In response to RoxanaF

‎02-17-2016 07:04

We're having the exact same issue on intermitten users and calls -- cannot find a root cause pattern.

Best Answer

‎02-17-2016 11:34

In response to AnthonyValidic

‎02-17-2016 11:34

Idd, tried today with new written basic Curl function. Same issues with all refresh tokens. API just dont accept any of them.

Best Answer
0 Votes

‎02-17-2016 14:19

In response to DigitalHuman

‎02-17-2016 14:19

@DigitalHuman You might want to take a look at @JeremiahFitbit's response about refresh tokens. If that doesn't help, can you please capture the HTTP request and response? You can use a tool like Runscope Traffic Inspector.

 

For reference, here's cases where refresh tokens can be invalidated/expired:

1. User revokes access to your application

2. The refresh token is used to obtain a new access token and new refresh token

3. The user goes through the Authorization process again and gets a new refresh token

(At any given time, there is only 1 valid refresh token.)

 

Andrew | Community Moderator, Fitbit

What motivates you?
Best Answer
0 Votes

‎02-24-2016 16:37 - edited ‎02-25-2016 09:50

‎02-24-2016 16:37 - edited ‎02-25-2016 09:50

@AndrewFitbit, we are also seeing intermittent failures with refresh tokens being considered invalid. None of the scenarios you mentioned are occurring. Any ideas what we could investigate next? Thanks!

 

If I provide my client id and secret (privately), will you guys be able to point me to any potential problems we may be running into with our request pattern?

Best Answer
0 Votes

‎03-01-2016 06:38 - edited ‎03-01-2016 23:09

‎03-01-2016 06:38 - edited ‎03-01-2016 23:09

@AndrewFitbit,

 

Getting the same error (the refresh token is invalid) while trying to generate access token using latest refresh token. It is failing in the below mentioned scenario. Please go through the following scenario and let me know if there is any issue from my end or Fitbit server.

 

I got access token and refresh token from Fitbit.
Now using the access token, made request for fetching the activity details immediately (i.e., before access token expire). The request is successful.

 

Now after one hour, I again made another request for fetching the activity details (access token is expired and got the below response).

 

Request 1:

 

GET /1/user/-/activities/date/2016-03-01.json HTTP/1.1

Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.--------------------------------_OBy0FSyoKAK7ec

Accept: application/json

User-Agent: RestSharp/104.4.0.0

Host: api.fitbit.com

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

 

Response 1:

 

{"errors":[{"errorType":"expired_token","message":"Access token expired: eyJhbGciOiJIUzI1NiJ9.--------------------------------_OBy0FSyoKAK7ec. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}

 

So I made a request for generating the access token again using the refresh token and got the below response

 

 

Request 2:

 

POST https://api.fitbit.com/oauth2/token HTTP/1.1

Authorization: Basic MjI5WFdUOmRk-----------------M1ZTlhYjMx

Accept: application/json, application/xml, text/json, text/x-json, text/javascript, text/xml

User-Agent: RestSharp/104.4.0.0

Content-Type: application/x-www-form-urlencoded

Host: api.fitbit.com

Content-Length: 103

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

 

grant_type=refresh_token&refresh_token=85a39fafd---------------------a2f53e02

 

Response 2:

 

{"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: 85a39fafd---------------------a2f53e02. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."}],"success":false}


But the same request for generating the access token is working in following scenario:

 

  1. I connected my app user to Fitbit account. I got access token and refresh token
  2. Now I made a request for generating the access token again using the refresh token after 1 hour. The request is successful and new access token and refresh token is generated. (But didn’t make any request for fetching Fitbit resource between refreshing access token (activity, sleep etc.)).

 

    For your reference

  1. I did not revoke access to your application.
  2. I’m using the latest refresh token.

 

Best Answer
0 Votes

‎03-02-2016 13:10

In response to messi

‎03-02-2016 13:10

@messi There's a post from Jeremiah in this thread here that might help.

Andrew | Community Moderator, Fitbit

What motivates you?
Best Answer
0 Votes