Migrate Garmin Oauth1 to Oauth2.0 #313

@yatharthranjan

Details from Garmin

As part of our platform enhancements, we are transitioning from OAuth 1.0 to OAuth 2.0 to improve security, scalability, and integration flexibility.
This guide outlines the steps to help you migrate your applications smoothly. OAuth 1 will be retired on 12/31/2026.
Please get in touch with our support team at connect-support@developer.garmin.com if you have any questions. 

  1. Start the OAuth 1 to OAuth 2 migration 
    When you're ready to migrate an existing OAuth 1 app to OAuth 2: 
    PING/PULL partners: please make sure you are ready for the new PING structure (make sure your server honors the callback URL directly, as an additional token parameter will be added to the callback).
    See section 4.2 of the Activity/Health/Women’s Health API document.
    User access token is no longer the primary user identifier and won’t be present in the PING or PUSH notifications after migration is complete; you must use User ID to identify users.
    Please ensure that you retrieve the user ID for all existing users before migration (see section 3.2 of the Developer Start Guide).
    Contact support and provide the consumer key (list of keys) of the app/apps you'd like to migrate via connect-support@developer.garmin.com. 
    We will convert your account and app/apps to support OAuth 2. 
    This change does not affect any existing users' ability to connect using OAuth 1 or the ability to retrieve data using your existing OAuth 1 tokens.
    Support will respond to your email when the app is converted. A new OAuth 2 secret will be available on the developer portal (apps tab).  
  2. Token Exchange Process 
    Once your app is enabled for OAuth 2, you can begin transitioning individual users: 
    Call the following endpoint to exchange an OAuth 1 token for an OAuth 2 token: 
    https://apis.garmin.com/partner-gateway/rest/user/token-exchange
    The request must be signed using your OAuth 1 credentials. 
    Upon success, you will receive a corresponding OAuth 2 token/refresh token. 
    The original OAuth 1 token remains valid for 30 days after the exchange, allowing you to complete the transition smoothly. 
    New PING/PUSH structure will be in effect after the OAuth 1 token expires.
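
An added example, not from Garmin or this repository: building the OAuth 1.0a HMAC-SHA1 `Authorization` header (RFC 5849) that step 2 requires for the token-exchange endpoint. The `POST` verb, the HMAC-SHA1 signature method, the function names and all credential values are assumptions or constructed; the page does not state them.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

# Endpoint from step 2 of the migration guide.
TOKEN_EXCHANGE_URL = "https://apis.garmin.com/partner-gateway/rest/user/token-exchange"


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    # METHOD & encoded URL & encoded, sorted "k=v" pairs (URL has no query string here).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def authorization_header(consumer_key, consumer_secret, token, token_secret,
                         method="POST", url=TOKEN_EXCHANGE_URL,
                         nonce=None, timestamp=None):
    # method="POST" is an assumption; the page does not state the HTTP verb.
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce if nonce is not None else secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    # Signing key: encoded consumer secret and user token secret joined by "&".
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    digest = hmac.new(key, base, hashlib.sha1).digest()
    params["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    print(authorization_header("ck-constructed", "cs-constructed",
                               "tok-constructed", "ts-constructed"))
```

The nonce and timestamp are generated per request by default; pass fixed values only in tests.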
