Revert browser headers on login POST and MFA verify by matin · Pull Request #212 · matin/garth

matin · 2026-03-18T10:59:10Z

Summary

0.7.7 regression: the browser UA on the login POST caused Garmin to reject with 401. The login POST and MFA verify are mobile API endpoints that expect GCM-iOS-*, not a browser UA.

Browser headers should only be on page requests (sign-in, embed) — the JSON API calls use the default session UA.

Test plan

163 tests pass
Manual login verified against real API

🤖 Generated with Claude Code

Summary by CodeRabbit

Refactor
- Simplified SSO and MFA authentication request handling by updating header configuration.
Chores
- Version bumped to 0.7.8.

The login POST and MFA verify are mobile API endpoints that expect GCM-iOS user agent (set on the session). Sending browser headers on these caused Garmin to reject with 401. Browser headers should only be on page requests (sign-in, embed) — not on the JSON API calls. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

coderabbitai · 2026-03-18T10:59:28Z

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9427c466-c1e5-40be-b6d8-0329da5ec606

📥 Commits

Reviewing files that changed from the base of the PR and between 8d8c768 and 29b5900.

📒 Files selected for processing (2)

src/garth/sso.py
src/garth/version.py

Walkthrough

Removes the SSO_API_HEADERS constant from the SSO module and all its usages in login and MFA verification calls, allowing those requests to rely on session defaults instead of explicitly configured headers. Additionally, the version is bumped from 0.7.7 to 0.7.8.

Changes

Cohort / File(s)	Summary
SSO Header Configuration `src/garth/sso.py`	Removed `SSO_API_HEADERS` constant definition and eliminated all references to it in login and MFA verification function calls, allowing those operations to use default session headers.
Version Update `src/garth/version.py`	Incremented `__version__` from "0.7.7" to "0.7.8".

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch fix-login-ua-regression

📝 Coding Plan

Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

codecov · 2026-03-18T10:59:55Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.91%. Comparing base (8d8c768) to head (29b5900).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #212      +/-   ##
==========================================
- Coverage   99.91%   99.91%   -0.01%     
==========================================
  Files          68       68              
  Lines        3567     3566       -1     
==========================================
- Hits         3564     3563       -1     
  Misses          3        3

Flag	Coverage Δ
unittests	`99.91% <100.00%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

matin merged commit 3571c55 into main Mar 18, 2026

matin deleted the fix-login-ua-regression branch March 18, 2026 10:59

This was referenced Mar 19, 2026

Use browser headers on login POST and MFA verify #216

Merged

Remove SSO_PAGE_HEADERS from login POST and MFA verify #218

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Revert browser headers on login POST and MFA verify#212

Revert browser headers on login POST and MFA verify#212
matin merged 1 commit intomainfrom
fix-login-ua-regression

matin commented Mar 18, 2026 •

edited by coderabbitai bot

Loading

Uh oh!

coderabbitai bot commented Mar 18, 2026 •

edited

Loading

Review failed

Uh oh!

codecov bot commented Mar 18, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

matin commented Mar 18, 2026 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test plan

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review failed

Walkthrough

Changes

Estimated code review effort

Uh oh!

codecov bot commented Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

matin commented Mar 18, 2026 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Mar 18, 2026 •

edited

Loading

codecov bot commented Mar 18, 2026 •

edited

Loading