Describe the bug
When running garmin-mcp-auth on an account with email-based MFA (mandatory for accounts with ECG-capable devices), authentication fails at the widget+cffi step with the following error:
widget+cffi failed: Widget login: unexpected title 'GARMIN Authentication Application'
✗ Authentication failed
Invalid email or password.
The "Invalid email or password" message is misleading — credentials are correct. The real issue is that the widget+cffi strategy doesn't handle the email MFA page.
Environment
Device: Garmin Venu 4 (ECG-capable → MFA mandatory, cannot be disabled)
MFA type: Email (one-time code sent to registered email)
OS: Windows 11
Command: uvx --python 3.12 --from git+https://github.com/Taxuspt/garmin_mcp garmin-mcp-auth
Full output
mobile+cffi returned 429: Mobile login returned 429 — IP rate limited by Garmin
mobile+requests returned 429: Mobile login returned 429 — IP rate limited by Garmin
widget+cffi failed: Widget login: unexpected title 'GARMIN Authentication Application'
✗ Authentication failed
Invalid email or password.
Root cause
The widget+cffi strategy (which correctly bypasses the per-account 429 rate limit) handles MFA when the page title is "Enter MFA code for login". However, email-based MFA renders a page with the title "GARMIN Authentication Application" instead. The strategy doesn't recognise this title and fails silently.
Background: the widget+cffi approach was introduced to bypass per-account 429 rate limiting (see cyberjunky/python-garminconnect#344), and works correctly for TOTP/authenticator MFA. Email MFA uses a different page title in Garmin's SSO flow.
Expected behavior
The tool should recognise the "GARMIN Authentication Application" page title as an email MFA prompt, display a message like "Check your email for a one-time code", wait for user input, and submit the code to complete authentication.
Possible fix
In the widget+cffi login handler, extend the MFA title check to also match "GARMIN Authentication Application" alongside the existing "Enter MFA code for login" check, then POST the entered code to /sso/verifyMFA/loginEnterMfaCode.
Additional context
Accounts linked to ECG-capable devices (Venu 4, Fenix 8, etc.) have MFA permanently enforced by Garmin and cannot disable it. This makes garmin-mcp-auth completely non-functional for a non-trivial subset of users. Fixing email MFA support in widget+cffi would unblock all of them.
Describe the bug
When running garmin-mcp-auth on an account with email-based MFA (mandatory for accounts with ECG-capable devices), authentication fails at the widget+cffi step with the following error:
widget+cffi failed: Widget login: unexpected title 'GARMIN Authentication Application'
✗ Authentication failed
Invalid email or password.
The "Invalid email or password" message is misleading — credentials are correct. The real issue is that the widget+cffi strategy doesn't handle the email MFA page.
Environment
Device: Garmin Venu 4 (ECG-capable → MFA mandatory, cannot be disabled)
MFA type: Email (one-time code sent to registered email)
OS: Windows 11
Command: uvx --python 3.12 --from git+https://github.com/Taxuspt/garmin_mcp garmin-mcp-auth
Full output
mobile+cffi returned 429: Mobile login returned 429 — IP rate limited by Garmin
mobile+requests returned 429: Mobile login returned 429 — IP rate limited by Garmin
widget+cffi failed: Widget login: unexpected title 'GARMIN Authentication Application'
✗ Authentication failed
Invalid email or password.
Root cause
The widget+cffi strategy (which correctly bypasses the per-account 429 rate limit) handles MFA when the page title is "Enter MFA code for login". However, email-based MFA renders a page with the title "GARMIN Authentication Application" instead. The strategy doesn't recognise this title and fails silently.
Background: the widget+cffi approach was introduced to bypass per-account 429 rate limiting (see cyberjunky/python-garminconnect#344), and works correctly for TOTP/authenticator MFA. Email MFA uses a different page title in Garmin's SSO flow.
Expected behavior
The tool should recognise the "GARMIN Authentication Application" page title as an email MFA prompt, display a message like "Check your email for a one-time code", wait for user input, and submit the code to complete authentication.
Possible fix
In the widget+cffi login handler, extend the MFA title check to also match "GARMIN Authentication Application" alongside the existing "Enter MFA code for login" check, then POST the entered code to /sso/verifyMFA/loginEnterMfaCode.
Additional context
Accounts linked to ECG-capable devices (Venu 4, Fenix 8, etc.) have MFA permanently enforced by Garmin and cannot disable it. This makes garmin-mcp-auth completely non-functional for a non-trivial subset of users. Fixing email MFA support in widget+cffi would unblock all of them.