help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

oauth_token & oauth_verifier life period

ANSWERED

‎07-14-2014 10:36

‎07-14-2014 10:36

Hi,

When user gets authenticated and receive back the auth_token and auth_verifier. Does these values received after authentication get expired? is there a way to can get a permanent auth_token & auth_verifier so they want get expired?

 

Thanks

Best Answer
0 Votes
1 BEST ANSWER

Accepted Solutions

‎07-14-2014 14:41

In response to rana

‎07-14-2014 14:41

Nope, once you've got permanent access token and access token secret you need to store them somewhere and you can reuse it as long as you need.

The only cases when your access token + access token secret for particular user A can become invalid are: 

1) User revokes access for your app to his data from fitbit.com settings page

2) You/your app asks for new access token + access token secret. Every time new access token+accesstoken secret are issued the previous one becomes expired.

Ivan Bahdanau
Senior Software Developer at Fitbit

View best answer in original post

Best Answer
0 Votes
6 REPLIES 6

‎07-14-2014 11:28 - edited ‎07-14-2014 11:28

‎07-14-2014 11:28 - edited ‎07-14-2014 11:28

Based on your description you don't have permanent access token and access token key...

You need to exchange the verifier that you've got to permanent access token key and secret.

Seems like you've done steps A-B-C  in this diagram: https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API#OAuthAuthenticationintheF...

you still need to do D-E-F to get your permanent access token and secret which won't expire unless you ask for new ones.

 

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎07-14-2014 14:11

In response to ibahdanau

‎07-14-2014 14:11

Let me tell you the steps for my application to access user A data:

1- Today, User A click on fitbit url on my app and get fitbit login page to give authorization.

2- I get auth_token & auth_verifier.

3- use the above values to get APIResourceCredentials object by passing the auth_verifier

4- I get access_token & access_secret as part of APIResourceCredentials object.

5- I can access user data now.

 

Tomorrow I want to access User A data again, do I have to go through the above steps again or there is a call form your api where I can pass access_token & access_secret for user A and get his data?

 

Thanks

 

Best Answer
0 Votes

‎07-14-2014 14:41

In response to rana

‎07-14-2014 14:41

Nope, once you've got permanent access token and access token secret you need to store them somewhere and you can reuse it as long as you need.

The only cases when your access token + access token secret for particular user A can become invalid are: 

1) User revokes access for your app to his data from fitbit.com settings page

2) You/your app asks for new access token + access token secret. Every time new access token+accesstoken secret are issued the previous one becomes expired.

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎08-03-2014 20:40

In response to ibahdanau

‎08-03-2014 20:40

Hi but how can i implement steps D-E-F can you give me example in c#?

Best Answer
0 Votes

‎08-03-2014 21:18

In response to Nikunj231991

‎08-03-2014 21:18

Please refer to this page: https://dev.fitbit.com/apps/oauthtutorialpage

It explains every step of oauth 1.0a flow and builds CURL commands for you so you can see what requests are made and how they are signed.

Also check out this video:  https://www.youtube.com/watch?v=5r-Tnn781gs that explains how to use oauth tutorial page.

Best Answer
0 Votes

‎08-03-2014 22:10

In response to Nikunj231991

‎08-03-2014 22:10

Also take a look at the Fitbit.NET library written by another developer: https://github.com/aarondcoleman/Fitbit.NET/

Best Answer