FitTrack_GarminSync/specs/003-loginimprovements-use-the/research.md


Research Findings for Garmin Login Improvements

Phase 0: Outline & Research

Client Authentication for Sync Operations

  • Decision: The API client will not send an Authorization header for subsequent sync operations (e.g., /api/sync/garmin/activities).
  • Rationale: The feature specification (spec.md) explicitly states that "the api caller should not need a cookie - all state should be global for the Garmin Sync service" and that the service operates as a single-user system, implicitly using the stored Garmin credentials after a successful /api/garmin/login. This resolves the discrepancy with the sync_garmin_activities.json contract, which shows an Authorization: Bearer <token> header.
  • Alternatives considered:
    • Client sending an APP_BEARER_TOKEN (rejected as it contradicts the stateless client requirement).
    • Client sending a session cookie (rejected as it contradicts the stateless client requirement).
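
The decision above, exercised end to end as an added example (not code from the FitTrack_GarminSync project): a stub single-user service and a client that sends neither an Authorization header nor a cookie. The global state shape, the empty JSON request body and the 409 returned before login are assumptions; only the two endpoint paths come from this document.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN, SYNC = "/api/garmin/login", "/api/sync/garmin/activities"
STATE = {"logged_in": False}  # global single-user state (assumed shape)
SEEN = []                     # (path, credential headers present) per request
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy, no cookie jar

class Stub(BaseHTTPRequestHandler):
    def do_POST(self):
        SEEN.append((self.path, [h for h in ("Authorization", "Cookie") if self.headers.get(h)]))
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        code = 404
        if self.path == LOGIN:
            STATE["logged_in"], code = True, 200
        elif self.path == SYNC:
            code = 200 if STATE["logged_in"] else 409  # assumed pre-login status
        self.send_response(code)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def post(base, path):
    """POST an empty JSON body with no Authorization header; return the status."""
    req = urllib.request.Request(base + path, data=b"{}", method="POST",
                                 headers={"Content-Type": "application/json"})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_flow():
    """Sync before login, login, sync again; return statuses and observed headers."""
    STATE["logged_in"] = False
    SEEN.clear()
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        statuses = [post(base, p) for p in (SYNC, LOGIN, SYNC)]
    finally:
        server.shutdown()
        server.server_close()
    return statuses, list(SEEN)
```

The second sync succeeds for any caller that can reach the service, because the only thing gating it is the global login state set by the earlier /api/garmin/login call.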