opencode-gemini-auth 1.0.5 → 1.0.6

package/README.md

@@ -1,14 +1,17 @@
 # Gemini OAuth Plugin for Opencode
 
-Plugin for Opencode that allows you to authenticate with your Google account. This allows you to use your Google account instead of using the API.
+Authenticate the Opencode CLI with your Google account so you can use your existing Gemini plan and its included quota instead of API billing.
 
-## install
+## Setup
 
-Add the `opencode-gemini-auth` plugin to your [opencode config](https://opencode.ai/docs/config/)
+1. Add the plugin to your [Opencode config](https://opencode.ai/docs/config/):
+   ```json
+   {
+     "$schema": "https://opencode.ai/config.json",
+     "plugin": ["opencode-gemini-auth"]
+   }
+   ```
+2. Run `opencode auth login`.
+3. Choose the Google provider and select **OAuth with Google (Gemini CLI)**.
 
-```json
-{
-  "$schema": "https://opencode.ai/config.json",
-  "plugin": ["opencode-gemini-auth"]
-}
-```
+The plugin spins up a local callback listener, so after approving in the browser you'll land on an "Authentication complete" page with no URL copy/paste required. If that port is already taken, the CLI automatically falls back to the classic copy/paste flow and explains what to do.

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opencode-gemini-auth",
   "module": "index.ts",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "author": "jenslys",
   "repository": "https://github.com/jenslys/opencode-gemini-auth",
   "files": [

package/src/plugin/server.ts

@@ -0,0 +1,136 @@
+import { createServer } from "node:http";
+
+import { GEMINI_REDIRECT_URI } from "../constants";
+
+interface OAuthListenerOptions {
+  /**
+   * How long to wait for the OAuth redirect before timing out (in milliseconds).
+   */
+  timeoutMs?: number;
+}
+
+export interface OAuthListener {
+  /**
+   * Resolves with the callback URL once Google redirects back to the local server.
+   */
+  waitForCallback(): Promise<URL>;
+  /**
+   * Cleanly stop listening for callbacks.
+   */
+  close(): Promise<void>;
+}
+
+const redirectUri = new URL(GEMINI_REDIRECT_URI);
+const callbackPath = redirectUri.pathname || "/";
+
+/**
+ * Start a lightweight HTTP server that listens for the Gemini OAuth redirect.
+ * Returns a listener object that resolves with the callback once received.
+ */
+export async function startOAuthListener(
+  { timeoutMs = 5 * 60 * 1000 }: OAuthListenerOptions = {},
+): Promise<OAuthListener> {
+  const port = redirectUri.port
+    ? Number.parseInt(redirectUri.port, 10)
+    : redirectUri.protocol === "https:"
+    ? 443
+    : 80;
+  const origin = `${redirectUri.protocol}//${redirectUri.host}`;
+
+  let settled = false;
+  let resolveCallback: (url: URL) => void;
+  let rejectCallback: (error: Error) => void;
+  const callbackPromise = new Promise<URL>((resolve, reject) => {
+    resolveCallback = (url: URL) => {
+      if (settled) return;
+      settled = true;
+      if (timeoutHandle) clearTimeout(timeoutHandle);
+      resolve(url);
+    };
+    rejectCallback = (error: Error) => {
+      if (settled) return;
+      settled = true;
+      if (timeoutHandle) clearTimeout(timeoutHandle);
+      reject(error);
+    };
+  });
+
+  const successResponse = `<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Opencode Gemini OAuth</title>
+    <style>
+      body { font-family: sans-serif; margin: 2rem; line-height: 1.5; }
+      h1 { font-size: 1.5rem; margin-bottom: 1rem; }
+    </style>
+  </head>
+  <body>
+    <h1>Authentication complete</h1>
+    <p>You can close this tab and return to the Opencode CLI.</p>
+  </body>
+</html>`;
+
+  const timeoutHandle = setTimeout(() => {
+    rejectCallback(new Error("Timed out waiting for OAuth callback"));
+  }, timeoutMs);
+  timeoutHandle.unref?.();
+
+  const server = createServer((request, response) => {
+    if (!request.url) {
+      response.writeHead(400, { "Content-Type": "text/plain" });
+      response.end("Invalid request");
+      return;
+    }
+
+    const url = new URL(request.url, origin);
+    if (url.pathname !== callbackPath) {
+      response.writeHead(404, { "Content-Type": "text/plain" });
+      response.end("Not found");
+      return;
+    }
+
+    response.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+    response.end(successResponse);
+
+    resolveCallback(url);
+
+    // Close the server after handling the first valid callback.
+    setImmediate(() => {
+      server.close();
+    });
+  });
+
+  await new Promise<void>((resolve, reject) => {
+    const handleError = (error: Error) => {
+      server.off("error", handleError);
+      reject(error);
+    };
+    server.once("error", handleError);
+    server.listen(port, "127.0.0.1", () => {
+      server.off("error", handleError);
+      resolve();
+    });
+  });
+
+  server.on("error", (error) => {
+    rejectCallback(error instanceof Error ? error : new Error(String(error)));
+  });
+
+  return {
+    waitForCallback: () => callbackPromise,
+    close: () =>
+      new Promise<void>((resolve, reject) => {
+        server.close((error) => {
+          if (error && (error as NodeJS.ErrnoException).code !== "ERR_SERVER_NOT_RUNNING") {
+            reject(error);
+            return;
+          }
+          if (!settled) {
+            rejectCallback(new Error("OAuth listener closed before callback"));
+          }
+          resolve();
+        });
+      }),
+  };
+}

package/src/plugin.ts

@@ -1,3 +1,4 @@
+import { GEMINI_REDIRECT_URI } from "./constants";
 import { authorizeGemini, exchangeGemini } from "./gemini/oauth";
 import type { GeminiTokenExchangeResult } from "./gemini/oauth";
 import { accessTokenExpired, isOAuthAuth } from "./plugin/auth";
@@ -5,6 +6,7 @@ import { promptProjectId } from "./plugin/cli";
 import { ensureProjectContext } from "./plugin/project";
 import { prepareGeminiRequest, transformGeminiResponse } from "./plugin/request";
 import { refreshAccessToken } from "./plugin/token";
+import { startOAuthListener, type OAuthListener } from "./plugin/server";
 import type {
   GetAuth,
   LoaderResult,
@@ -74,15 +76,72 @@ export const GeminiCLIOAuthPlugin = async (
         type: "oauth",
         authorize: async () => {
           console.log("\n=== Google Gemini OAuth Setup ===");
-          console.log("1. You'll be asked to sign in to your Google account and grant permission.");
-          console.log("2. After you approve, the browser will try to redirect to a 'localhost' page.");
-          console.log("3. This page will show an error like 'This site can’t be reached'. This is perfectly normal and means it worked!");
-          console.log("4. Once you see that error, copy the entire URL from the address bar, paste it back here, and press Enter.");
-          console.log("\n")
+
+          let listener: OAuthListener | null = null;
+          try {
+            listener = await startOAuthListener();
+            const { host } = new URL(GEMINI_REDIRECT_URI);
+            console.log("1. You'll be asked to sign in to your Google account and grant permission.");
+            console.log(
+              `2. We'll automatically capture the browser redirect on http://${host}. No need to paste anything back here.`,
+            );
+            console.log("3. Once you see the 'Authentication complete' page in your browser, return to this terminal.");
+          } catch (error) {
+            console.log("1. You'll be asked to sign in to your Google account and grant permission.");
+            console.log("2. After you approve, the browser will try to redirect to a 'localhost' page.");
+            console.log(
+              "3. This page will show an error like 'This site can’t be reached'. This is perfectly normal and means it worked!",
+            );
+            console.log(
+              "4. Once you see that error, copy the entire URL from the address bar, paste it back here, and press Enter.",
+            );
+            if (error instanceof Error) {
+              console.log(`\nWarning: Couldn't start the local callback listener (${error.message}). Falling back to manual copy/paste.`);
+            } else {
+              console.log("\nWarning: Couldn't start the local callback listener. Falling back to manual copy/paste.");
+            }
+          }
+          console.log("\n");
 
           const projectId = await promptProjectId();
           const authorization = await authorizeGemini(projectId);
 
+          if (listener) {
+            return {
+              url: authorization.url,
+              instructions:
+                "Complete the sign-in flow in your browser. We'll automatically detect the redirect back to localhost.",
+              method: "auto",
+              callback: async (): Promise<GeminiTokenExchangeResult> => {
+                try {
+                  const callbackUrl = await listener.waitForCallback();
+                  const code = callbackUrl.searchParams.get("code");
+                  const state = callbackUrl.searchParams.get("state");
+
+                  if (!code || !state) {
+                    return {
+                      type: "failed",
+                      error: "Missing code or state in callback URL",
+                    };
+                  }
+
+                  return await exchangeGemini(code, state);
+                } catch (error) {
+                  return {
+                    type: "failed",
+                    error: error instanceof Error ? error.message : "Unknown error",
+                  };
+                } finally {
+                  try {
+                    await listener?.close();
+                  } catch {
+                    // Ignore close errors.
+                  }
+                }
+              },
+            };
+          }
+
           return {
             url: authorization.url,
             instructions: