Already minted tokens work, they broke the login process.

For now its just tls fingerprinting, not client attestation - so, I managed to implement a working solution. But I am sure they will tighten the screws still further.

Same here. I've been scraping the data from my Garmin watch for years with very little problems (first with https://github.com/tcgoetz/GarminDB, then https://github.com/sealbro/dotnet.garmin.connect).

The only annoyance is that Garmin requires 2FA if you enable the ECG feature on your smart watch/fitness tracker, but I have a small program that reads the 2FA codes from my Gmail inbox and supplies them to the scraper without too much trouble.