"Invalid_Grant" using Authorization Code

strmng · ‎02-17-2023

Hello,

I have a client_id and client_secret associated with my account. I am trying to write a script to get intraday data from some of the users registered under my client id.

I am using this URL:

https://www.fitbit.com/oauth2/authorize?client_id=<client_id>&prompt=consent&redirect_uri=<redirect_url>&response_type=code&scope=activity+heartrate+location+nutrition+profile+settings+sleep+social+weight&state

Once I get the callback, I am using the code and trying to exchange the Authorization Code for the Access and Refresh Tokens.. However, I keep getting an "invalid_grant" error, saying that my "authorization code is invalid".

Can someone help me understand what's going wrong?

Thank you!

Gordon-C · ‎02-22-2023

Hi @strmng

Would you please what you are pulling out of the redirect URL as the authorization code? If the redirect is

https://myapp.com/callback?code=d62d6f5bdc13df79d9a5f#_=_

the authorization code is in bold: d62d6f5bdc13df79d9a5f

If this is correct in your use case, please provide the endpoint and headers you're using to exchange the authorization code for the access and refresh tokens.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

"Invalid_Grant" using Authorization Code

strmng

Gordon-C