Remote step 1 output should include --services/--readonly flags in step 2 instructions #405
Description
Description
When running gog auth add with --remote --step 1 --services gmail,calendar,drive --readonly, the output says:
Run again with --remote --step 2 --auth-url <redirect-url>
This is misleading because step 2 also requires the same --services and --readonly flags. Without them, validateManualState in oauth_flow_manual.go compares opts.Scopes (which defaults to something different) against the stored state's scopes and returns errManualStateMismatch:
if st.Client != opts.Client || st.ForceConsent != opts.ForceConsent || !scopesEqual(st.Scopes, opts.Scopes) {
return manualState{}, errManualStateMismatch
}The error message ("manual auth state mismatch; run remote step 1 again") gives no hint that the real issue is mismatched scopes, not a stale state token.
Expected behavior
The step 1 output should echo back the full step 2 command with all relevant flags, e.g.:
Run again with --remote --step 2 --services gmail,calendar,drive --readonly --auth-url <redirect-url>
Or alternatively, step 2 could infer the scopes from the stored state file (since they're already saved there).
Steps to reproduce
gog auth add user@example.com --remote --step 1 --services gmail,calendar,drive --readonly
# Open the auth URL, consent, copy redirect URL
gog auth add user@example.com --remote --step 2 --auth-url "http://127.0.0.1:xxxxx/..."
# → "manual auth state mismatch; run remote step 1 again"Adding --services gmail,calendar,drive --readonly to step 2 fixes it.