- Seems Garmin supports OAuth2.0 (PKCE) now. We should deprecate our OAuth1.0 implementation and add the OAuth2.0 flows for Garmin (most of it should already be reusable from fitbit and oura). Docs - https://developerportal.garmin.com/sites/default/files/OAuth2PKCE.pdf
- We need to add a User permission endpoint. This will enable us to handle users changing permissions for radar-base client app. This ties in nicely with the scoping information feature in Add information on scope for clients #300. While signing up, users may only opt in for fewer permissions; this endpoint also helps fetching a user's permissions.
- We need to fix the User deregistration/revoke token functionality for Garmin. More details in the starting guide -- https://developerportal.garmin.com/sites/default/files/Garrmin%20Developer%20Program%20Start%20Guide_6.zip.
We should also retry (in a stateful way, perhaps using redis) to attempt the revoke token again in cases of failure as otherwise we will keep receiving data for a user that is not present in our repo anymore.
Delete User Access Token
This service provides the ability to remove a user from your program, specific to the consumer key being used, by
deleting the UAT. After being called, a final User Deregistration notification will be sent as though the user had
withdrawn access through Garmin Connect (if enabled).
Immediately following the Deregistration ping, all notifications for that user will immediately stop and any attempts to
request data with that UAT will be rejected as unauthorized. The deleted UAT cannot be restored. The same user (with
the same Garmin Connect account) going through the OAuth a second time will generate a completely different UAT.
This endpoint must be called if the partner website or application provides a “Delete My Account” or “Opt-Out”
mechanism outside of the normal Garmin Connect consent removal process or in any other case where the user would
reasonably believe the partner program is giving them the opportunity to remove their consent to share Garmin data.
Request URL to delete a user registration
DELETE : https://apis.garmin.com/wellness-api/rest/user/registration
No parameters are required for this request. The user access token is taken from the OAuth header.
Response: On a successful request, this service returns HTTP 204 (no content) with no response body.
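
A sketch of the stateful revoke retry proposed in this issue, added as an example and not code from this repository or from Garmin. The `RevokeQueue` and `PendingRevoke` names, the in-memory dict standing in for redis, the backoff values and the injected `send_delete` callable (which would issue the DELETE with the user's OAuth header) are all assumptions; only the URL and the 204 success status come from the quoted documentation.

```python
from dataclasses import dataclass

# Endpoint taken from the Garmin documentation quoted above.
REVOKE_URL = "https://apis.garmin.com/wellness-api/rest/user/registration"

@dataclass
class PendingRevoke:
    user_id: str
    access_token: str          # kept until revocation succeeds; encrypt at rest
    attempts: int = 0
    next_attempt_at: float = 0.0

class RevokeQueue:
    """Retry state for token revocation. A dict stands in for redis (assumption)."""

    def __init__(self, send_delete, base_delay=60.0, max_delay=86400.0):
        self._send = send_delete   # callable(url, token) -> HTTP status code
        self._base, self._max = base_delay, max_delay
        self._pending = {}

    def enqueue(self, user_id, access_token, now):
        # Idempotent: a second "delete my account" click must not reset backoff.
        self._pending.setdefault(
            user_id, PendingRevoke(user_id, access_token, next_attempt_at=now))

    def is_pending(self, user_id):
        # Ingest code can use this to drop data that still arrives for a user
        # who was removed locally but not yet deregistered at Garmin.
        return user_id in self._pending

    def run_due(self, now):
        """Attempt every due revocation; return the user ids that succeeded."""
        revoked = []
        for item in list(self._pending.values()):
            if item.next_attempt_at > now:
                continue
            try:
                status = self._send(REVOKE_URL, item.access_token)
            except OSError:        # network failure counts as a failed attempt
                status = None
            if status == 204:      # documented success response, no body
                del self._pending[item.user_id]
                revoked.append(item.user_id)
            else:
                item.attempts += 1
                delay = min(self._max, self._base * 2 ** (item.attempts - 1))
                item.next_attempt_at = now + delay
        return revoked
```

The token is discarded only after the 204, so a failed revoke never leaves the service receiving data for a user it can no longer deregister.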