SBBOAuthManagerProtocol Protocol Reference

Conforms to SBBBridgeAPIManagerProtocol
Declared in SBBOAuthManager.h


This protocol defines the interface to the SBBOAuthManager’s non-constructor, non-initializer methods. The interface is abstracted out for use in mock objects for testing, and to allow selecting among multiple implementations at runtime.

– getAccessTokenForVendor:authCode:completion: required method

Obtain an OAuth Access Token for the given vendor ID and, optionally, an authorization code.

- (NSURLSessionTask *)getAccessTokenForVendor:(NSString *)vendorId authCode:(nullable NSString *)authCode completion:(nullable SBBOAuthManagerGetCompletionBlock)completion



The Bridge vendor ID for the vendor (e.g. “fitbit”) from which you obtained the authorization code.


The authorization code you obtained from the vendor via their OAuth 2.0 authorization code grant flow. Optional.


An SBBOAuthManagerUpdateCompletionBlock to be called upon completion. Optional.

Return Value

An NSURLSessionTask object so you can cancel or suspend/resume the request.


The authorization code will have been obtained by your app from the vendor (e.g., Fitbit) via their OAuth 2.0 authorization code grant flow. The Bridge server will exchange this code for an access token and a refresh token.

Once you’ve passed an authorization code to Bridge for a given vendor, you can obtain the current valid access token for that vendor by calling this method with nil as the authCode parameter. If the access token Bridge has on file has expired, it will use the refresh token to get a new one (and a new refresh token) and return the new one.

Access to a locally-cached version of the OAuthAccessToken is not provided by this SDK since you would need a working Internet connection to make use of it anyway. You may, of course, cache it yourself if you so desire, but if you do, you will want to pay attention to the expiration date. As long as the owner of the oauth'ed vendor account doesn’t manually revoke the authorization, once access is granted, barring network errors this method should always return a current valid access token.

You might not bother with a completion block if the client doesn’t actually need the access token for its own use–for example, you’re just having the study participant grant access to their vendor data so Bridge can import it periodically and push it to Synapse tables.

Declared In