Login Garmin and 2FA

[NAmRoD21v]

When I try to run the sync with 2FA on, I get the following error message. Is works flawlessly when I turn 2FA off. Is it possible to implement 2FA so I can run the sync with 2FA on?

2021-11-17 18:43:41,505 - withings - INFO - Refresh Access Token
2021-11-17 18:43:41,931 - withings - INFO - Get Measurements
2021-11-17 18:43:42,137 - root - INFO - No Trainerroad username or a new measurement - skipping sync
Traceback (most recent call last):
  File "C:\Program Files\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Program Files\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Users\Daniel\AppData\Roaming\Python\Python310\Scripts\withings-sync.exe\__main__.py", line 7, in <module>
  File "C:\Users\Daniel\AppData\Roaming\Python\Python310\site-packages\withings_sync\sync.py", line 196, in main
    sync(**vars(args))
  File "C:\Users\Daniel\AppData\Roaming\Python\Python310\site-packages\withings_sync\sync.py", line 184, in sync
    session = garmin.login(garmin_username, garmin_password)
  File "C:\Users\Daniel\AppData\Roaming\Python\Python310\site-packages\withings_sync\garmin.py", line 156, in login
    session = self._get_session(email=username, password=password)
  File "C:\Users\Daniel\AppData\Roaming\Python\Python310\site-packages\withings_sync\garmin.py", line 93, in _get_session
    raise APIException('SSO error %s %s' % (ssoResp.status_code, ssoResp.text))
withings_sync.garmin.APIException: SSO error 302

[longstone]

I think this issue would be resolved by switching to OAuth, see also #3.

[LsVzqz]

I'm also having this issue, in case someone figures out how to solve around the email/2FA code sent.

EDIT: In case others are in the same position as me, I do not want to deactivate my 2FA set up, so every so often (every few days or so), I output a .fit file and just import it manually while I'm logged in. Works for me in the mean time.

The command I use is:
withings-sync.exe --no-upload --to-fit --output name_of_file

[pentafive]

Garmin updated the firmware on my watch to support their EKG app. If you use that app it will force 2FA saying "Permanent two-step verification has been enabled." Even if you uninstall the EKG app, you won't be able to turn off 2FA.

Right now I'm using manual workaround from @LsVzqz (Thanks!) however it's not ideal.

[radu-solomon]

Same issue here. @LsVzqz thanks for the suggestion. Using that manually for now.

[midzelis]

Oh man - mandatory 2FA seems a bit much! At least they are emailing the code, which means you can automate it. Just need to add another script that automatically logs in to your email server (using IMAP/POP3) and looks for the code.

Is it possible to register your own 2FA generator? If so, then its even easier - the TOPT generators are really simple as well. The only time this becomes a real problem is if they start requiring their own proprietary to send you a push notification. You wouldn't be able to intercept that.

[Cloud9Developer]

Just seeing this thread. I, too, have been plagued by the "Permanent MFA" due to the ECG app. Any quick/easy workarounds for this? (I'm currently doing the manual export/import in garmin connect)

[pentafive]

Just seeing this thread. I, too, have been plagued by the "Permanent MFA" due to the ECG app. Any quick/easy workarounds for this? (I'm currently doing the manual export/import in garmin connect)

Not that I've seen. This will require changes to code for sure. I've been manually downloading the .fit file and uploading to connect manually.

[Cloud9Developer]

Just seeing this thread. I, too, have been plagued by the "Permanent MFA" due to the ECG app. Any quick/easy workarounds for this? (I'm currently doing the manual export/import in garmin connect)

Not that I've seen. This will require changes to code for sure. I've been manually downloading the .fit file and uploading to connect manually.

Same. Was hoping there was a workaround since I would rather it be automated lol. I may try to fork the project and fix it (If I can). Haven't done much in the way of MFA before, but we'll see (If I can find the time lol)

[stynoo]

It looks like this project has Garmin MFA support figured out.

[Cloud9Developer]

Gonna take a look at that then! May take a while to understand how it works, but thanks for the lead!

[Cloud9Developer]

It's a bit clunky, but it works :)

https://github.com/Cloud9Developer/withings-garmin-mfa

[matin]

Garth migration solved this

[LsVzqz]

Garth migration solved this

How do I use the garth migration? Is that a different project?

[matin]

It's already migrated. Upgrade to the latest version

[Cloud9Developer]

I see the update. When you get the auth token, it doesn't have an expiration ever? I'm asking because I am setting this up to use cron and would like to basically forget about it

[matin]

The expiration of the MFA token (part of the OAuth1 token) is one year.