Remove SSO_PAGE_HEADERS from login POST and MFA verify

[matin]

Summary

PR #215 re-introduced browser headers (SSO_PAGE_HEADERS) on the login POST and MFA verify. This is the same regression as 0.7.7 (fixed in 0.7.8). These are mobile API endpoints that expect the default GCM-iOS user agent — browser headers cause 401/429.

Confirmed via logfire session 3da2a002cbad48ea — login POST sending browser UA and getting 429.

Header rules:

• Page requests (sign-in, embed): browser headers (SSO_PAGE_HEADERS)
• Mobile API (login POST, MFA verify): default session UA (GCM-iOS-5.22.1.4)
• OAuth1 (preauthorized, exchange): Android UA (com.garmin.android.apps.connectmobile)

Test plan

• 163 tests pass

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes

  • Fixed authentication request header handling during login and multi-factor authentication verification.

• Chores

  • Version updated to 0.7.12.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6a5c2d89-3fd3-4e69-8a38-3489c00ebcc8

📥 Commits

Reviewing files that changed from the base of the PR and between 6c1b537 and f950306.

📒 Files selected for processing (2)

• src/garth/sso.py
• src/garth/version.py

💤 Files with no reviewable changes (1)

• src/garth/sso.py

---

Walkthrough

Removed SSO_PAGE_HEADERS header injection from login credential submission and MFA verification POST requests in the SSO module, allowing these requests to use default headers. Version number incremented from 0.7.11 to 0.7.12.

Changes

Cohort / File(s)	Summary
SSO Header Configuration src/garth/sso.py	Removed SSO_PAGE_HEADERS injection from two POST requests: credential submission in login() and MFA code verification in handle_mfa(). Initial sign-in GET request retains browser-like headers.
Version Bump src/garth/version.py	Updated exported __version__ constant from 0.7.11 to 0.7.12.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Use consistent browser headers on all SSO endpoints #211: Modifies SSO request headers for login and MFA POST requests in the same file.
• Revert browser headers on login POST and MFA verify #212: Removes browser-like headers injection from login and MFA POST requests with identical intent.
• Use browser headers on login POST and MFA verify #216: Modifies the same client.post calls for login and MFA but applies opposite changes (adds headers rather than removes them).

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: removing SSO_PAGE_HEADERS from login POST and MFA verify requests, which is the primary objective of the PR to fix a regression.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-sso-headers-regression

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.91%. Comparing base (6c1b537) to head (f950306).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #218   +/-   ##
=======================================
  Coverage   99.91%   99.91%           
=======================================
  Files          68       68           
  Lines        3569     3569           
=======================================
  Hits         3566     3566           
  Misses          3        3           

Flag	Coverage Δ
unittests	99.91% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.