Merge "Login with Google Workspace" auth option into "Login with Google" (#1574)

Co-authored-by: Scott Densmore <scottdensmore@mac.com>
This commit is contained in:
Tommaso Sciortino 2025-06-25 15:38:18 -07:00 committed by GitHub
parent 00b24c917e
commit 79c647d486
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 31 additions and 95 deletions

View File

@ -4,9 +4,21 @@ The Gemini CLI requires you to authenticate with Google's AI services. On initia
1. **Login with Google (Gemini Code Assist):**
- Use this option to log in with the standard, personal account you use for services like Gmail, Google Photos, and Google Drive for personal use (e.g. your-name@gmail.com).
- Use this option to log in with your google account.
- During initial startup, Gemini CLI will direct you to a webpage for authentication. Once authenticated, your credentials will be cached locally so the web login can be skipped on subsequent runs.
- Note that the web login must be done in a browser that can communicate with the machine Gemini CLI is being run from. (Specifically, the browser will be redirected to a localhost url that Gemini CLI will be listening on).
- Users may have to specify a GOOGLE_CLOUD_PROJECT if:
1. You have a Google Workspace account. Google Workspace is a paid service for businesses and organizations that provides a suite of productivity tools, including a custom email domain (e.g. your-name@your-company.com), enhanced security features, and administrative controls. These accounts are often managed by an employer or school.
2. You are a licensed Code Assist user. This can happen if you have previously purchased a Code Assist license or have acquired one through Google Developer Program.
- If you fall into one of these categories, you must first configure a Google Cloud Project Id to use, [enable the Gemini for Cloud API](https://cloud.google.com/gemini/docs/discover/set-up-gemini#enable-api) and [configure access permissions](https://cloud.google.com/gemini/docs/discover/set-up-gemini#grant-iam). You can temporarily set the environment variable in your current shell session using the following command:
```bash
export GOOGLE_CLOUD_PROJECT="YOUR_PROJECT_ID"
```
- For repeated use, you can add the environment variable to your `.env` file (located in the project directory or user home directory) or your shell's configuration file (like `~/.bashrc`, `~/.zshrc`, or `~/.profile`). For example, the following command adds the environment variable to a `~/.bashrc` file:
```bash
echo 'export GOOGLE_CLOUD_PROJECT="YOUR_PROJECT_ID"' >> ~/.bashrc
source ~/.bashrc
```
2. **<a id="gemini-api-key"></a>Gemini API key:**

View File

@ -13,13 +13,6 @@ export const validateAuthMethod = (authMethod: string): string | null => {
return null;
}
if (authMethod === AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE) {
if (!process.env.GOOGLE_CLOUD_PROJECT) {
return 'GOOGLE_CLOUD_PROJECT environment variable not found. Add that to your .env and try again, no reload needed!';
}
return null;
}
if (authMethod === AuthType.USE_GEMINI) {
if (!process.env.GEMINI_API_KEY) {
return 'GEMINI_API_KEY environment variable not found. Add that to your .env and try again, no reload needed!';

View File

@ -29,32 +29,15 @@ export function AuthDialog({
const [errorMessage, setErrorMessage] = useState<string | null>(
initialErrorMessage || null,
);
const allAuthItems = [
const items = [
{
label: 'Login with Google',
value: AuthType.LOGIN_WITH_GOOGLE_PERSONAL,
},
{ label: 'Gemini API Key', value: AuthType.USE_GEMINI },
{
label: 'Login with Google (for Workspace or licensed Code Assist users)',
value: AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE,
},
{ label: 'Vertex AI', value: AuthType.USE_VERTEX_AI },
];
const isSelectedAuthInMore = allAuthItems
.slice(2)
.some((item) => item.value === settings.merged.selectedAuthType);
const [showAll, setShowAll] = useState(isSelectedAuthInMore);
const initialAuthItems = [
...allAuthItems.slice(0, 2),
{ label: 'More...', value: 'more' },
];
const items = showAll ? allAuthItems : initialAuthItems;
let initialAuthIndex = items.findIndex(
(item) => item.value === settings.merged.selectedAuthType,
);
@ -64,10 +47,6 @@ export function AuthDialog({
}
const handleAuthSelect = (authMethod: string) => {
if (authMethod === 'more') {
setShowAll(true);
return;
}
const error = validateAuthMethod(authMethod);
if (error) {
setErrorMessage(error);

View File

@ -46,12 +46,16 @@ export const useAuthCommand = (
config,
);
} catch (e) {
const errorMessage =
let errorMessage = `Failed to login.\nMessage: ${getErrorMessage(e)}`;
if (
settings.merged.selectedAuthType ===
AuthType.LOGIN_WITH_GOOGLE_PERSONAL
? `Failed to login. Ensure the Google account you are using is not a Workspace account and that you are not a licensed Code Assist user (see https://goo.gle/gemini-cli-auth-docs#workspace-gca).
Message: ${getErrorMessage(e)}`
: `Failed to login. Message: ${getErrorMessage(e)}`;
AuthType.LOGIN_WITH_GOOGLE_PERSONAL &&
!process.env.GOOGLE_CLOUD_PROJECT
) {
errorMessage =
'Failed to login. Workspace accounts and licensed Code Assist users must configure' +
` GOOGLE_CLOUD_PROJECT (see https://goo.gle/gemini-cli-auth-docs#workspace-gca).\nMessage: ${getErrorMessage(e)}`;
}
setAuthError(errorMessage);
openAuthDialog();
} finally {

View File

@ -1043,7 +1043,7 @@ describe('useGeminiStream', () => {
it('should call parseAndFormatApiError with the correct authType on stream initialization failure', async () => {
// 1. Setup
const mockError = new Error('Rate limit exceeded');
const mockAuthType = AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE;
const mockAuthType = AuthType.LOGIN_WITH_GOOGLE_PERSONAL;
mockParseAndFormatApiError.mockClear();
mockSendMessageStream.mockReturnValue(
(async function* () {

View File

@ -29,12 +29,12 @@ describe('parseAndFormatApiError', () => {
expect(result).toContain('Your request has been rate limited');
});
it('should format a 429 API error with the enterprise message', () => {
it('should format a 429 API error with the personal message', () => {
const errorMessage =
'got status: 429 Too Many Requests. {"error":{"code":429,"message":"Rate limit exceeded","status":"RESOURCE_EXHAUSTED"}}';
const result = parseAndFormatApiError(
errorMessage,
AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE,
AuthType.LOGIN_WITH_GOOGLE_PERSONAL,
);
expect(result).toContain('[API Error: Rate limit exceeded');
expect(result).toContain(enterpriseMessage);

View File

@ -46,7 +46,6 @@ function isStructuredError(error: unknown): error is StructuredError {
function getRateLimitMessage(authType?: AuthType): string {
switch (authType) {
case AuthType.LOGIN_WITH_GOOGLE_PERSONAL:
case AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE:
return RATE_LIMIT_ERROR_MESSAGE_GOOGLE;
case AuthType.USE_GEMINI:
return RATE_LIMIT_ERROR_MESSAGE_USE_GEMINI;

View File

@ -13,10 +13,7 @@ export async function createCodeAssistContentGenerator(
httpOptions: HttpOptions,
authType: AuthType,
): Promise<ContentGenerator> {
if (
authType === AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE ||
authType === AuthType.LOGIN_WITH_GOOGLE_PERSONAL
) {
if (authType === AuthType.LOGIN_WITH_GOOGLE_PERSONAL) {
const authClient = await getOauthClient();
const projectId = await setupUser(authClient);
return new CodeAssistServer(authClient, projectId, httpOptions);

View File

@ -505,10 +505,7 @@ export class GeminiClient {
*/
private async handleFlashFallback(authType?: string): Promise<string | null> {
// Only handle fallback for OAuth users
if (
authType !== AuthType.LOGIN_WITH_GOOGLE_PERSONAL &&
authType !== AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE
) {
if (authType !== AuthType.LOGIN_WITH_GOOGLE_PERSONAL) {
return null;
}

View File

@ -36,7 +36,6 @@ export interface ContentGenerator {
export enum AuthType {
LOGIN_WITH_GOOGLE_PERSONAL = 'oauth-personal',
LOGIN_WITH_GOOGLE_ENTERPRISE = 'oauth-enterprise',
USE_GEMINI = 'gemini-api-key',
USE_VERTEX_AI = 'vertex-ai',
}
@ -71,14 +70,6 @@ export async function createContentGeneratorConfig(
return contentGeneratorConfig;
}
// if its enterprise make sure we have a cloud project
if (
authType === AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE &&
!!googleCloudProject
) {
return contentGeneratorConfig;
}
//
if (authType === AuthType.USE_GEMINI && geminiApiKey) {
contentGeneratorConfig.apiKey = geminiApiKey;
@ -118,10 +109,7 @@ export async function createContentGenerator(
'User-Agent': `GeminiCLI/${version} (${process.platform}; ${process.arch})`,
},
};
if (
config.authType === AuthType.LOGIN_WITH_GOOGLE_PERSONAL ||
config.authType === AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE
) {
if (config.authType === AuthType.LOGIN_WITH_GOOGLE_PERSONAL) {
return createCodeAssistContentGenerator(httpOptions, config.authType);
}

View File

@ -188,10 +188,7 @@ export class GeminiChat {
*/
private async handleFlashFallback(authType?: string): Promise<string | null> {
// Only handle fallback for OAuth users
if (
authType !== AuthType.LOGIN_WITH_GOOGLE_PERSONAL &&
authType !== AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE
) {
if (authType !== AuthType.LOGIN_WITH_GOOGLE_PERSONAL) {
return null;
}

View File

@ -275,35 +275,6 @@ describe('retryWithBackoff', () => {
expect(mockFn).toHaveBeenCalledTimes(4); // 3 initial attempts + 1 after fallback
});
it('should trigger fallback for OAuth enterprise users after persistent 429 errors', async () => {
const fallbackCallback = vi.fn().mockResolvedValue('gemini-2.5-flash');
let fallbackOccurred = false;
const mockFn = vi.fn().mockImplementation(async () => {
if (!fallbackOccurred) {
const error: HttpError = new Error('Rate limit exceeded');
error.status = 429;
throw error;
}
return 'success';
});
const promise = retryWithBackoff(mockFn, {
maxAttempts: 3,
initialDelayMs: 100,
onPersistent429: async (authType?: string) => {
fallbackOccurred = true;
return await fallbackCallback(authType);
},
authType: 'oauth-enterprise',
});
await vi.runAllTimersAsync();
await expect(promise).resolves.toBe('success');
expect(fallbackCallback).toHaveBeenCalledWith('oauth-enterprise');
});
it('should NOT trigger fallback for API key users', async () => {
const fallbackCallback = vi.fn();

View File

@ -99,8 +99,7 @@ export async function retryWithBackoff<T>(
if (
consecutive429Count >= 2 &&
onPersistent429 &&
(authType === AuthType.LOGIN_WITH_GOOGLE_PERSONAL ||
authType === AuthType.LOGIN_WITH_GOOGLE_ENTERPRISE)
authType === AuthType.LOGIN_WITH_GOOGLE_PERSONAL
) {
try {
const fallbackModel = await onPersistent429(authType);