Skip to content

feat(auth): add --no-localhost flag to gws auth login#534

Open
qihan-bot wants to merge 9 commits intogoogleworkspace:mainfrom
qihan-bot:feature-auth-no-localhost
Open

feat(auth): add --no-localhost flag to gws auth login#534
qihan-bot wants to merge 9 commits intogoogleworkspace:mainfrom
qihan-bot:feature-auth-no-localhost

Conversation

@qihan-bot
Copy link

@qihan-bot qihan-bot commented Mar 18, 2026

Summary

  • Add --no-localhost flag to gws auth login for environments without a local HTTP server (SSH sessions, headless servers, containers)
  • Implements manual copy-paste OAuth code flow as a fallback to the default localhost redirect
  • Add unit tests for handle_login argument parsing and OOB code extraction
  • Fix compile issues and run cargo fmt for CI compliance

Motivation

Users running gws in headless/remote environments (SSH, Docker, CI) cannot use the default localhost redirect for OAuth. The --no-localhost flag provides a manual code entry flow that works in any terminal.

Test plan

  • Changeset included (add-no-localhost-flag.md)
  • Unit tests for parse_login_args and OOB code extraction
  • cargo fmt applied
  • Code compiles successfully

google-labs-jules bot and others added 9 commits March 6, 2026 01:10
@google-labs-jules
feat(auth): add --no-localhost flag to gws auth login
9c3dc25 
This commit introduces a `--no-localhost` flag to the `login`
subcommand, which enables an out-of-band (OOB) OAuth flow. When this
flag is provided, the CLI will output an authentication URL and prompt
the user to paste the authorization code back into the terminal. This
is particularly useful in environments where a local redirect server
cannot be started or accessed, similar to `clasp login --no-localhost`.

The flag adjusts the redirect URIs to prioritize `urn:ietf:wg:oauth:2.0:oob`
and configures the `InstalledFlowAuthenticator` to use
`InstalledFlowReturnMethod::Interactive` instead of `HTTPRedirect`.
@google-labs-jules
feat(auth): add --no-localhost flag to gws auth login
5e6f316 
This commit introduces a `--no-localhost` flag to the `login`
subcommand, which enables an out-of-band (OOB) OAuth flow. When this
flag is provided, the CLI will output an authentication URL and prompt
the user to paste the authorization code back into the terminal. This
is particularly useful in environments where a local redirect server
cannot be started or accessed, similar to `clasp login --no-localhost`.

The flag adjusts the redirect URIs to prioritize `urn:ietf:wg:oauth:2.0:oob`
and configures the `InstalledFlowAuthenticator` to use
`InstalledFlowReturnMethod::Interactive` instead of `HTTPRedirect`.
@google-labs-jules
feat(auth): add --no-localhost flag to gws auth login
11e7bbd 
This commit introduces a `--no-localhost` flag to the `login`
subcommand, which enables an out-of-band (OOB) OAuth flow. When this
flag is provided, the CLI will output an authentication URL and prompt
the user to paste the authorization code back into the terminal. This
is particularly useful in environments where a local redirect server
cannot be started or accessed, similar to `clasp login --no-localhost`.

The flag adjusts the redirect URIs to prioritize `urn:ietf:wg:oauth:2.0:oob`
and configures the `InstalledFlowAuthenticator` to use
`InstalledFlowReturnMethod::Interactive` instead of `HTTPRedirect`.
Additionally, it extracts the authorization code from a full redirect
URL pasted by the user.
@jpoehnelt @gemini-code-assist
Update src/auth_commands.rs
f7e9a45 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@google-labs-jules
fix: compile issues in gws auth login --no-localhost
37091be 
Resolved an unclosed delimiter compiler error that was caused by
a formatting/merge conflict in `src/auth_commands.rs`. Tests pass,
and `cargo fmt` has been run on all code.
@google-labs-jules
fix: syntax and formatting errors
df65184 
Resolved the unclosed delimiter in `src/auth_commands.rs` that
broke CI. Verified by running `cargo fmt --all -- --check`,
`cargo check`, `cargo build`, and `cargo test`.
@google-labs-jules
test(auth): add coverage for OOB code extraction
9654483 
Extracted the URL parsing logic for the out-of-band `--no-localhost`
OAuth flow into a separate helper `extract_code_from_input` and added
tests to prevent coverage drop.
@google-labs-jules
test(auth): add tests for handle_login argument parsing
5a92570 
Extracted the argument parsing logic from `handle_login` into a new
`parse_login_args` helper and added unit tests to cover the extraction
of `--account`, `--services`, and the new `--no-localhost` flag.
This resolves the Codecov coverage regression.
@google-labs-jules
fix: run cargo fmt on new tests
210bee2 
Resolved CI formatting checks by running `cargo fmt` after adding
the new unit tests for `parse_login_args`.
@changeset-bot
Copy link

changeset-bot bot commented Mar 18, 2026

🦋 Changeset detected

Latest commit: 210bee2

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@googleworkspace/cli Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Mar 18, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the gws auth login command by introducing a new --no-localhost flag. This flag enables users in headless or remote environments, such as SSH sessions or Docker containers, to authenticate using a manual code entry flow, bypassing the need for a local HTTP server. This significantly improves the usability of the gws CLI in non-browser-based contexts.

Highlights

  • New --no-localhost flag: Introduced a --no-localhost flag to gws auth login for environments without a local HTTP server.
  • Manual OAuth code flow: Implemented a manual copy-paste OAuth code flow as an alternative to the default localhost redirect.
  • Unit tests: Added unit tests for handle_login argument parsing and out-of-band (OOB) code extraction.
  • Code quality: Resolved compile issues and applied cargo fmt for code style consistency.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@google-cla
Copy link

google-cla bot commented Mar 18, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 18, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new --no-localhost flag to the gws auth login command, enabling an out-of-band (OOB) OAuth authentication flow. This change allows users to authenticate without requiring a local HTTP server, by prompting them to manually paste the authorization code after opening the provided URL. The implementation involves updating the help message, refactoring argument parsing into a new parse_login_args function, modifying the present_user_url delegate to handle interactive input, and conditionally configuring the OAuth redirect URIs and return method. New unit tests have been added to cover the argument parsing and code extraction logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area: auth

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@qihan-bot @googleworkspace-bot @jpoehnelt