simov / grant

OAuth Proxy
MIT License

No `oauth_callback` parameter in Garmin oauthConfirm URI #242

Closed gearoidgit closed 3 years ago

gearoidgit commented 3 years ago

Using express and trying to get the garmin flow working. The URI for the redirect doesn't seem to have any oauth_callback parameter in it: https://connect.garmin.com/oauthConfirm?oauth_token=<redacted>

My config.json

```json
{
  "defaults": {
    "origin": "https://example.local:3000",
    "transport": "session"
  },
  "twitter": {
    "key": "[CONSUMER_KEY]",
    "secret": "[CONSUMER_SECRET]",
    "callback": "/handle_twitter_callback"
  },
  "garmin": {
    "key": "[redacted]",
    "secret": "[redacted]",
    "callback": "/handle_garmin_callback"
  }
}
```

simov commented 3 years ago

What is the redirect URL of your OAuth app? It has to be:

https://example.local:3000/connect/garmin/callback

gearoidgit commented 3 years ago

Is this as defined for my app within Garmin?

gearoidgit commented 3 years ago

> Is this as defined for my app within Garmin?

I understand now and the answer is yes. Thanks!

I have a follow-on question. Garmin supports providing the oauth_callback in the GET as a way to override the value that's configured in the OAuth App. Is it possible to configure grant to send the oauth_callback parameter?

simov commented 3 years ago

I'm not sure I understand the question. Also is there any publicly available documentation about this topic for Garmin in particular?

You can't override the callback that's being set for your OAuth app, because that will be a security issue. Imagine anyone being able to impersonate you and your app, and issue tokens on your behalf.

gearoidgit commented 3 years ago

I don't think there are any public Garmin API documents. This is the relevant part of the OAuth1 specification.

I was wondering if grant has a way to send the additional parameters that are mentioned in the specification.

Thanks for the quick answers. I have grant working now by correctly setting the callback in my App.

ir-fuel commented 3 years ago

> What is the redirect URL of your OAuth app? It has to be:
>
> https://example.local:3000/connect/garmin/callback

Sorry for this semi-offtopic reply here, but is this documented somewhere? I only stumbled upon this by accident as my flow currently is "stuck" at the oauth_token=&oauth_verifier= callback, since that's a custom URL I set up in my Express app and in the Garmin App configuration on their website. I never get to step 3 of OAuth1 as step 2 is received in my custom callback URL and I was looking how to make sure grant can handle this. Apparently there is a fixed endpoint for this of which I was not aware.

On a different note: the difference between callback and redirect_uri is also unclear to me.

simov commented 3 years ago

I can see how this can be confusing. I tried explaining it here. The gist of it is that:

  1. redirect_uri is the one that you have to set for your app, and it always has to end with /[provider]/callback
  2. then you can have an actual callback path, but that is where you want to receive the response data

@ir-fuel let me know if that makes sense, also feel free to open up another issue if you see fit.

ir-fuel commented 3 years ago

Yes, that makes sense. The confusion comes from that you have a redirect_uri and callback, but Garmin wants you to configure a callback URL in the app settings, which is the same as your redirect_uri.
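
The redirect_uri versus callback distinction discussed in this thread, as an added example (not part of the thread and not grant's own code): a small check that derives the URL to register with each provider from the config posted above and flags the case where the app's own callback path was registered instead. The `/connect` prefix is taken from the URL quoted in the thread, `defaults.prefix` is assumed to be how that prefix would be changed, and the `registered` map and the status names are hypothetical.

```javascript
// Added illustration, not grant's source. It applies the rule stated in the thread:
// redirect URI = origin + prefix + /[provider]/callback.
const DEFAULT_PREFIX = '/connect'; // assumption: taken from the URL quoted in the thread

// URL that has to be registered in the provider's OAuth app settings.
function redirectUri(config, provider) {
  const defaults = config.defaults || {};
  const origin = (defaults.origin || '').replace(/\/+$/, '');
  if (!origin) throw new Error('defaults.origin is required');
  const prefix = defaults.prefix || DEFAULT_PREFIX;
  return `${origin}${prefix}/${provider}/callback`;
}

// Compare what is registered at each provider with what the config implies.
// `registered` is a hypothetical map: provider name -> URL entered at the provider.
function checkRegistrations(config, registered) {
  const findings = [];
  for (const provider of Object.keys(config)) {
    if (provider === 'defaults') continue;
    const expected = redirectUri(config, provider);
    const actual = registered[provider] || null;
    // Absolute form of the app's own route, where the response data is delivered.
    const appCallback = new URL(config[provider].callback || '/', expected).href;
    let status = 'ok';
    if (!actual) status = 'not-registered';
    else if (actual === expected) status = 'ok'; // exact string match only
    else if (actual === appCallback) status = 'registered-app-callback';
    else status = 'mismatch';
    findings.push({ provider, expected, actual, appCallback, status });
  }
  return findings;
}

// Constructed sample: the config from the issue plus made-up registrations.
const sampleConfig = {
  defaults: { origin: 'https://example.local:3000', transport: 'session' },
  twitter: { key: 'k', secret: 's', callback: '/handle_twitter_callback' },
  garmin: { key: 'k', secret: 's', callback: '/handle_garmin_callback' },
};
const sampleRegistered = {
  twitter: 'https://example.local:3000/connect/twitter/callback',
  // The mistake described in the thread: the app's own route was registered.
  garmin: 'https://example.local:3000/handle_garmin_callback',
};

function runSample() { return checkRegistrations(sampleConfig, sampleRegistered); }
console.log(runSample());
```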