05-10-2021 01:36
05-10-2021 01:36
Hi,
we're trying to use the authorization code to exchange the token (following the authorization code grant flow),and get 500 error with the response:
{"errors":[{"errorType":"request","fieldName":"n/a","message":null}],"success":false}
request detail:
POST https://api.fitbit.com/oauth2/token,
Authorization header is set.
body params: client_id=xxxx,grant_type=anthorization_code,rediect_uri=xxx,code=xxx
the response looks strange and we don't know what part in the requst is wrong.
can anyone please help?
05-12-2021 16:15
05-12-2021 16:15
Hi @alex0234
I'm not sure if the body parameters listed is exactly how it's written in your code, but redirect_uri is misspelled. If correcting the spelling doesn't work, please PM me your client ID. I'll check out logs for additional errors.
Gordon
05-14-2021 02:11
05-14-2021 02:11
Hi,
Thanks for replying. Sorry for the misspell in the question, redirect_uri is spelled right in the real request.
I'll PM the client ID.
05-14-2021 02:21
05-14-2021 02:21
the client id is "23B4BX"
05-17-2021 11:48
05-17-2021 11:48
Thank you, @alex0234 I see that part of the authorization is successful. Are you implementing the authorization code grant flow or authorization code grant flow with PKCE?
05-20-2021 10:39
05-20-2021 10:39
Hi @alex0234
Another set of developers reported a similar issue and that conversation can be found here: https://community.fitbit.com/t5/Web-API-Development/500-error-while-calling-API-from-local-host/m-p/.... We have found a problem in our code and working on a fix. We should have it resolved on Monday, May 24. I'll post an update here once the fix has been applied.
Thank you for your patience.
05-24-2021 13:48
05-24-2021 13:48
We pushed the fix this morning. I've tested it and it worked. To have the fix applied to your application, you will need to reset your client secret by pressing the "Reset Client Secret" button on the summary page of your registered application.
Once you reset your client secret, you will need to change the client secret value in your code where you build the basic token. Your existing connected users will not need to re-consent with your application.
If you have any problems, please let us know.
07-02-2021 08:35
07-02-2021 08:35
I believe I am experiencing similar issue. I went on to reset client secret, but I got a warning popup stating: "Are you sure you want to reset the client secret for this application? All subscriber verification codes will be reset and all subscribers will need to be reverified." Since you said at the previous comment that existing users won't need to re-consent with our application, can you confirm this won't reset any of their information?
Thanks 😊