Garmin connect OAuth user access token

Former Member
Former Member

I'm currently implementing the authorization method for Garmin Connect. 

Up until now, I have successfully retrieved the unauthorized request token/ secret and the token verifier as stated in the documentation of Garmin. However, I get an exception when trying to retrieve the user access token/secret from the Garmin Servers. 

The exception I get is: Invalid signature for signature method

Since the documentation of Garmin states that a Signature Base String must be generated, I thought my exception has something to do with that since I'm not using it anywhere.

I was wondering if someone here can please help me out where to use the signature base string since it does not specify anywhere in the documentation.

Previously this signature base string had to be used when calculating the HMAC-SHA1 signature. But when acquiring user access tokens, this signature is made up with the Consumer Secret and Request Token Secret, separated with '&' character. So I'm stuck on where to include the Signature Base String.

  • Former Member
    0 Former Member over 4 years ago

    Update: I now implemented the signature like so, but it still gives me an Invalid signature for signature method error.

    var baseString '''POST&http%3A%2F%2Fconnectapi.garmin.com%2Foauth-service%2Foauth%2Faccess_token&oauth_consumer_key%3D$oauthConsumerKey%26oauth_nonce%3D$oauthNonce%26oauth_signature_method%3$oauthSignatureMethod%26oauth_timestamp%3D$oauthTimestamp%26oauth_token%3D$oauthToken%26oauth_verifier%3D$oauthVerifier%26oauth_version%3D$oauthVersion''';
    
    var calculatedHMACSHA1SignatureAccessToken =
          _hmacSha1(consumerSecret, baseString);
          
    var headersAccessToken = <String, String> {
          'Authorization' : '''OAuth oauth_verifier="$oauthVerifier", oauth_nonce="$oauthNonce", oauth_token="$oauthToken", oauth_signature="$calculatedHMACSHA1SignatureAccessToken", oauth_consumer_key="$oauthConsumerKey", oauth_timestamp="$oauthTimestamp", oauth_signature_method="$oauthSignatureMethod", oauth_version="$oauthVersion"''',
          'Host': 'connectapi.garmin.com',
          'Accept': '*/*',
        };

  • Friend, were you able to complete the entire process of calling the Garmin APIs? I understood the context of the API's, but I can't execute even step 1, either in Javascript (through an AJAX request) or in PHP. Could you help me with this?
    Thanks!