Solved: Nope, once you've got permanent access token and a...

rana · ‎07-14-2014

Hi,

When user gets authenticated and receive back the auth_token and auth_verifier. Does these values received after authentication get expired? is there a way to can get a permanent auth_token & auth_verifier so they want get expired?

Thanks

ibahdanau · ‎07-14-2014

Nope, once you've got permanent access token and access token secret you need to store them somewhere and you can reuse it as long as you need.

The only cases when your access token + access token secret for particular user A can become invalid are:

1) User revokes access for your app to his data from fitbit.com settings page

2) You/your app asks for new access token + access token secret. Every time new access token+accesstoken secret are issued the previous one becomes expired.

Ivan Bahdanau
Senior Software Developer at Fitbit

View best answer in original post

ibahdanau · ‎07-14-2014

Based on your description you don't have permanent access token and access token key...

You need to exchange the verifier that you've got to permanent access token key and secret.

Seems like you've done steps A-B-C in this diagram: https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API#OAuthAuthenticationintheF...

you still need to do D-E-F to get your permanent access token and secret which won't expire unless you ask for new ones.

Ivan Bahdanau
Senior Software Developer at Fitbit

rana · ‎07-14-2014

Let me tell you the steps for my application to access user A data&colon;

1- Today, User A click on fitbit url on my app and get fitbit login page to give authorization.

2- I get auth_token & auth_verifier.

3- use the above values to get APIResourceCredentials object by passing the auth_verifier

4- I get access_token & access_secret as part of APIResourceCredentials object.

5- I can access user data now.

Tomorrow I want to access User A data again, do I have to go through the above steps again or there is a call form your api where I can pass access_token & access_secret for user A and get his data?

Thanks

ibahdanau · ‎07-14-2014

Nope, once you've got permanent access token and access token secret you need to store them somewhere and you can reuse it as long as you need.

The only cases when your access token + access token secret for particular user A can become invalid are:

1) User revokes access for your app to his data from fitbit.com settings page

2) You/your app asks for new access token + access token secret. Every time new access token+accesstoken secret are issued the previous one becomes expired.

Ivan Bahdanau
Senior Software Developer at Fitbit

Nikunj231991 · ‎08-03-2014

Hi but how can i implement steps D-E-F can you give me example in c#?

IoanbsuFitbit · ‎08-03-2014

Please refer to this page: https://dev.fitbit.com/apps/oauthtutorialpage

It explains every step of oauth 1.0a flow and builds CURL commands for you so you can see what requests are made and how they are signed.

Also check out this video: https://www.youtube.com/watch?v=5r-Tnn781gs that explains how to use oauth tutorial page.

SunsetRunner · ‎08-03-2014

Also take a look at the Fitbit.NET library written by another developer: https://github.com/aarondcoleman/Fitbit.NET/

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

oauth_token & oauth_verifier life period

rana

ibahdanau

ibahdanau

rana

ibahdanau

Nikunj231991

IoanbsuFitbit

SunsetRunner