help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

token request error

‎05-10-2021 01:36

‎05-10-2021 01:36

Hi,

we're trying to use the authorization code to exchange the token (following the authorization code grant flow),and get 500 error with the response:

 {"errors":[{"errorType":"request","fieldName":"n/a","message":null}],"success":false}

 

request detail:

POST https://api.fitbit.com/oauth2/token,

Authorization header is set.

body params: client_id=xxxx,grant_type=anthorization_code,rediect_uri=xxx,code=xxx

 

the response looks strange and we don't know what part in the requst is wrong.

can anyone please help?

 

Best Answer
Labels:
0 Votes
7 REPLIES 7

‎05-12-2021 16:15

‎05-12-2021 16:15

Hi @alex0234 

 

I'm not sure if the body parameters listed is exactly how it's written in your code, but redirect_uri is misspelled.  If correcting the spelling doesn't work, please PM me your client ID.  I'll check out logs for additional errors.

 

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer

‎05-14-2021 02:11

In response to Gordon-C

‎05-14-2021 02:11

Hi,

 

Thanks for replying. Sorry for the misspell in the question, redirect_uri is spelled right in the real request.

 

I'll PM the client ID.

Best Answer
0 Votes

‎05-14-2021 02:21

In response to Gordon-C

‎05-14-2021 02:21

@Gordon-C 

the client id is "23B4BX"

Best Answer
0 Votes

‎05-17-2021 11:48

In response to alex0234

‎05-17-2021 11:48

Thank you, @alex0234     I see that part of the authorization is successful.   Are you implementing the authorization code grant flow or authorization code grant flow with PKCE?   

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎05-20-2021 10:39

In response to Gordon-C

‎05-20-2021 10:39

Hi @alex0234 

 

Another set of developers reported a similar issue and that conversation can be found here: https://community.fitbit.com/t5/Web-API-Development/500-error-while-calling-API-from-local-host/m-p/....   We have found a problem in our code and working on a fix.   We should have it resolved on Monday, May 24.   I'll post an update here once the fix has been applied.

 

Thank you for your patience.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎05-24-2021 13:48

In response to Gordon-C

‎05-24-2021 13:48

We pushed the fix this morning.   I've tested it and it worked.    To have the fix applied to your application, you will need to reset your client secret by pressing the "Reset Client Secret" button on the summary page of your registered application.   

 

GordonFitbit_0-1621889295815.png

 

 

Once you reset your client secret, you will need to change the client secret value in your code where you build the basic token.   Your existing connected users will not need to re-consent with your application.  

 

If you have any problems, please let us know.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes

‎07-02-2021 08:35

In response to Gordon-C

‎07-02-2021 08:35

I believe I am experiencing similar issue. I went on to reset client secret, but I got a warning popup stating: "Are you sure you want to reset the client secret for this application? All subscriber verification codes will be reset and all subscribers will need to be reverified." Since you said at the previous comment that existing users won't need to re-consent with our application, can you confirm this won't reset any of their information?

Thanks 😊

Best Answer