Automatically detect non-interactive environments and fall back to a manual, code-based authentication flow (#4475)

2025-12-20 08:47:44 +00:00 · 2025-07-18 17:22:50 -07:00
parent 003609239f
commit 5b7b6fe608
6 changed files with 73 additions and 8 deletions
--- a/packages/core/src/code_assist/oauth2.test.ts
+++ b/packages/core/src/code_assist/oauth2.test.ts
@@ -31,6 +31,9 @@ vi.mock('http');
 vi.mock('open');
 vi.mock('crypto');
 vi.mock('node:readline');
+vi.mock('../utils/browser.js', () => ({
+  shouldAttemptBrowserLaunch: () => true,
+}));

 const mockConfig = {
  getNoBrowser: () => false,
@@ -83,7 +86,7 @@ describe('oauth2', () => {
    );

    vi.spyOn(crypto, 'randomBytes').mockReturnValue(mockState as never);
-    (open as Mock).mockImplementation(async () => ({}) as never);
+    (open as Mock).mockImplementation(async () => ({ on: vi.fn() }) as never);

    // Mock the UserInfo API response
    (global.fetch as Mock).mockResolvedValue({
@@ -236,7 +239,7 @@ describe('oauth2', () => {
    expect(mockGetToken).toHaveBeenCalledWith({
      code: mockCode,
      codeVerifier: mockCodeVerifier.codeVerifier,
-      redirect_uri: 'https://sdk.cloud.google.com/authcode_cloudcode.html',
+      redirect_uri: 'https://codeassist.google.com/authcode',
    });
    expect(mockSetCredentials).toHaveBeenCalledWith(mockTokens);

--- a/packages/core/src/code_assist/oauth2.ts
+++ b/packages/core/src/code_assist/oauth2.ts
@@ -26,6 +26,7 @@ import {
  clearCachedGoogleAccount,
 } from '../utils/user_account.js';
 import { AuthType } from '../core/contentGenerator.js';
+import { shouldAttemptBrowserLaunch } from '../utils/browser.js';
 import readline from 'node:readline';

 //  OAuth Client ID used to initiate OAuth2Client class.
@@ -121,7 +122,7 @@ export async function getOauthClient(
    }
  }

-  if (config.getNoBrowser()) {
+  if (config.getNoBrowser() || !shouldAttemptBrowserLaunch()) {
    let success = false;
    const maxRetries = 2;
    for (let i = 0; !success && i < maxRetries; i++) {
@@ -156,15 +157,17 @@ export async function getOauthClient(
      // causing the entire Node.js process to crash.
      childProcess.on('error', (_) => {
        console.error(
-          'Failed to open browser automatically. Please open the URL manually:',
+          'Failed to open browser automatically. Please try running again with NO_BROWSER=true set.',
        );
-        console.error(webLogin.authUrl);
+        process.exit(1);
      });
    } catch (err) {
      console.error(
        'An unexpected error occurred while trying to open the browser:',
        err,
+        '\nPlease try running again with NO_BROWSER=true set.',
      );
+      process.exit(1);
    }
    console.log('Waiting for authentication...');

@@ -175,7 +178,7 @@ export async function getOauthClient(
 }

 async function authWithUserCode(client: OAuth2Client): Promise<boolean> {
-  const redirectUri = 'https://sdk.cloud.google.com/authcode_cloudcode.html';
+  const redirectUri = 'https://codeassist.google.com/authcode';
  const codeVerifier = await client.generateCodeVerifierAsync();
  const state = crypto.randomBytes(32).toString('hex');
  const authUrl: string = client.generateAuthUrl({