opencode-gemini-auth 1.3.4 → 1.3.7

package/README.md

@@ -37,7 +37,7 @@ Add the plugin to your Opencode configuration file
    - A browser window will open for you to approve the access.
    - The plugin spins up a temporary local server to capture the callback.
    - If the local server fails (e.g., port in use or headless environment),
-     you can manually copy/paste the callback URL as instructed.
+     you can manually paste the callback URL or just the authorization code.
 
 Once authenticated, Opencode will use your Google account for Gemini requests.
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "opencode-gemini-auth",
   "module": "index.ts",
-  "version": "1.3.4",
+  "version": "1.3.7",
   "author": "jenslys",
   "repository": "https://github.com/jenslys/opencode-gemini-auth",
   "files": [
@@ -11,7 +11,7 @@
   "license": "MIT",
   "type": "module",
   "devDependencies": {
-    "@opencode-ai/plugin": "^0.15.31",
+    "@opencode-ai/plugin": "^1.0.203",
     "@types/bun": "latest"
   },
   "peerDependencies": {

package/src/gemini/oauth.ts

@@ -107,53 +107,24 @@ export async function exchangeGemini(
   try {
     const { verifier } = decodeState(state);
 
-    const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-      },
-      body: new URLSearchParams({
-        client_id: GEMINI_CLIENT_ID,
-        client_secret: GEMINI_CLIENT_SECRET,
-        code,
-        grant_type: "authorization_code",
-        redirect_uri: GEMINI_REDIRECT_URI,
-        code_verifier: verifier,
-      }),
-    });
-
-    if (!tokenResponse.ok) {
-      const errorText = await tokenResponse.text();
-      return { type: "failed", error: errorText };
-    }
-
-    const tokenPayload = (await tokenResponse.json()) as GeminiTokenResponse;
-
-    const userInfoResponse = await fetch(
-      "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
-      {
-        headers: {
-          Authorization: `Bearer ${tokenPayload.access_token}`,
-        },
-      },
-    );
-
-    const userInfo = userInfoResponse.ok
-      ? ((await userInfoResponse.json()) as GeminiUserInfo)
-      : {};
-
-    const refreshToken = tokenPayload.refresh_token;
-    if (!refreshToken) {
-      return { type: "failed", error: "Missing refresh token in response" };
-    }
-
+    return await exchangeGeminiWithVerifierInternal(code, verifier);
+  } catch (error) {
     return {
-      type: "success",
-      refresh: refreshToken,
-      access: tokenPayload.access_token,
-      expires: Date.now() + tokenPayload.expires_in * 1000,
-      email: userInfo.email,
+      type: "failed",
+      error: error instanceof Error ? error.message : "Unknown error",
     };
+  }
+}
+
+/**
+ * Exchange an authorization code using a known PKCE verifier.
+ */
+export async function exchangeGeminiWithVerifier(
+  code: string,
+  verifier: string,
+): Promise<GeminiTokenExchangeResult> {
+  try {
+    return await exchangeGeminiWithVerifierInternal(code, verifier);
   } catch (error) {
     return {
       type: "failed",
@@ -161,3 +132,56 @@ export async function exchangeGemini(
     };
   }
 }
+
+async function exchangeGeminiWithVerifierInternal(
+  code: string,
+  verifier: string,
+): Promise<GeminiTokenExchangeResult> {
+  const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+    },
+    body: new URLSearchParams({
+      client_id: GEMINI_CLIENT_ID,
+      client_secret: GEMINI_CLIENT_SECRET,
+      code,
+      grant_type: "authorization_code",
+      redirect_uri: GEMINI_REDIRECT_URI,
+      code_verifier: verifier,
+    }),
+  });
+
+  if (!tokenResponse.ok) {
+    const errorText = await tokenResponse.text();
+    return { type: "failed", error: errorText };
+  }
+
+  const tokenPayload = (await tokenResponse.json()) as GeminiTokenResponse;
+
+  const userInfoResponse = await fetch(
+    "https://www.googleapis.com/oauth2/v1/userinfo?alt=json",
+    {
+      headers: {
+        Authorization: `Bearer ${tokenPayload.access_token}`,
+      },
+    },
+  );
+
+  const userInfo = userInfoResponse.ok
+    ? ((await userInfoResponse.json()) as GeminiUserInfo)
+    : {};
+
+  const refreshToken = tokenPayload.refresh_token;
+  if (!refreshToken) {
+    return { type: "failed", error: "Missing refresh token in response" };
+  }
+
+  return {
+    type: "success",
+    refresh: refreshToken,
+    access: tokenPayload.access_token,
+    expires: Date.now() + tokenPayload.expires_in * 1000,
+    email: userInfo.email,
+  };
+}

package/src/plugin/request-helpers.ts

@@ -120,34 +120,6 @@ export function extractUsageMetadata(body: GeminiApiBody): GeminiUsageMetadata |
   };
 }
 
-/**
- * Walks SSE lines to find a usage-bearing response chunk.
- */
-export function extractUsageFromSsePayload(payload: string): GeminiUsageMetadata | null {
-  const lines = payload.split("\n");
-  for (const line of lines) {
-    if (!line.startsWith("data:")) {
-      continue;
-    }
-    const jsonText = line.slice(5).trim();
-    if (!jsonText) {
-      continue;
-    }
-    try {
-      const parsed = JSON.parse(jsonText);
-      if (parsed && typeof parsed === "object") {
-        const usage = extractUsageMetadata({ response: (parsed as Record<string, unknown>).response });
-        if (usage) {
-          return usage;
-        }
-      }
-    } catch {
-      continue;
-    }
-  }
-  return null;
-}
-
 /**
  * Enhances 404 errors for Gemini 3 models with a direct preview-access message.
  */

package/src/plugin/request.ts

@@ -1,7 +1,6 @@
 import { CODE_ASSIST_HEADERS, GEMINI_CODE_ASSIST_ENDPOINT } from "../constants";
 import { logGeminiDebugResponse, type GeminiDebugContext } from "./debug";
 import {
-  extractUsageFromSsePayload,
   extractUsageMetadata,
   normalizeThinkingConfig,
   parseGeminiApiBody,
@@ -20,32 +19,85 @@ const MODEL_FALLBACKS: Record<string, string> = {
  * @returns True when the URL targets generativelanguage.googleapis.com.
  */
 export function isGenerativeLanguageRequest(input: RequestInfo): input is string {
-  return typeof input === "string" && input.includes("generativelanguage.googleapis.com");
+  return toRequestUrlString(input).includes("generativelanguage.googleapis.com");
 }
 
 /**
- * Rewrites SSE payloads so downstream consumers see only the inner `response` objects.
+ * Rewrites SSE payload lines so downstream consumers see only the inner `response` objects.
  */
-function transformStreamingPayload(payload: string): string {
-  return payload
-    .split("\n")
-    .map((line) => {
-      if (!line.startsWith("data:")) {
-        return line;
-      }
-      const json = line.slice(5).trim();
-      if (!json) {
-        return line;
+function transformStreamingLine(line: string): string {
+  if (!line.startsWith("data:")) {
+    return line;
+  }
+  const json = line.slice(5).trim();
+  if (!json) {
+    return line;
+  }
+  try {
+    const parsed = JSON.parse(json) as { response?: unknown };
+    if (parsed.response !== undefined) {
+      return `data: ${JSON.stringify(parsed.response)}`;
+    }
+  } catch (_) {}
+  return line;
+}
+
+/**
+ * Streams SSE payloads, rewriting data lines on the fly.
+ */
+function transformStreamingPayloadStream(
+  stream: ReadableStream<Uint8Array>,
+): ReadableStream<Uint8Array> {
+  const decoder = new TextDecoder();
+  const encoder = new TextEncoder();
+  let buffer = "";
+  let reader: ReadableStreamDefaultReader<Uint8Array> | null = null;
+
+  return new ReadableStream<Uint8Array>({
+    start(controller) {
+      reader = stream.getReader();
+      const pump = (): void => {
+        reader!
+          .read()
+          .then(({ done, value }) => {
+            if (done) {
+              buffer += decoder.decode();
+              if (buffer.length > 0) {
+                controller.enqueue(encoder.encode(transformStreamingLine(buffer)));
+              }
+              controller.close();
+              return;
+            }
+
+            buffer += decoder.decode(value, { stream: true });
+
+            let newlineIndex = buffer.indexOf("\n");
+            while (newlineIndex !== -1) {
+              const line = buffer.slice(0, newlineIndex);
+              buffer = buffer.slice(newlineIndex + 1);
+              const hasCarriageReturn = line.endsWith("\r");
+              const rawLine = hasCarriageReturn ? line.slice(0, -1) : line;
+              const transformed = transformStreamingLine(rawLine);
+              const suffix = hasCarriageReturn ? "\r\n" : "\n";
+              controller.enqueue(encoder.encode(`${transformed}${suffix}`));
+              newlineIndex = buffer.indexOf("\n");
+            }
+
+            pump();
+          })
+          .catch((error) => {
+            controller.error(error);
+          });
+      };
+
+      pump();
+    },
+    cancel(reason) {
+      if (reader) {
+        reader.cancel(reason).catch(() => {});
       }
-      try {
-        const parsed = JSON.parse(json) as { response?: unknown };
-        if (parsed.response !== undefined) {
-          return `data: ${JSON.stringify(parsed.response)}`;
-        }
-      } catch (_) {}
-      return line;
-    })
-    .join("\n");
+    },
+  });
 }
 
 /**
@@ -72,7 +124,7 @@ export function prepareGeminiRequest(
   headers.set("Authorization", `Bearer ${accessToken}`);
   headers.delete("x-api-key");
 
-  const match = input.match(/\/models\/([^:]+):(\w+)/);
+  const match = toRequestUrlString(input).match(/\/models\/([^:]+):(\w+)/);
   if (!match) {
     return {
       request: input,
@@ -136,7 +188,6 @@ export function prepareGeminiRequest(
         }
 
         delete requestPayload.cached_content;
-        delete requestPayload.cachedContent;
         if (requestPayload.extra_body && typeof requestPayload.extra_body === "object") {
           delete (requestPayload.extra_body as Record<string, unknown>).cached_content;
           delete (requestPayload.extra_body as Record<string, unknown>).cachedContent;
@@ -182,9 +233,23 @@ export function prepareGeminiRequest(
   };
 }
 
+function toRequestUrlString(value: RequestInfo): string {
+  if (typeof value === "string") {
+    return value;
+  }
+  if (value instanceof URL) {
+    return value.toString();
+  }
+  const candidate = (value as Request).url;
+  if (candidate) {
+    return candidate;
+  }
+  return value.toString();
+}
+
 /**
  * Normalizes Gemini responses: applies retry headers, extracts cache usage into headers,
- * rewrites preview errors, flattens streaming payloads, and logs debug metadata.
+ * rewrites preview errors, rewrites streaming payloads, and logs debug metadata.
  */
 export async function transformGeminiResponse(
   response: Response,
@@ -204,8 +269,22 @@ export async function transformGeminiResponse(
   }
 
   try {
-    const text = await response.text();
     const headers = new Headers(response.headers);
+
+    if (streaming && response.ok && isEventStreamResponse && response.body) {
+      logGeminiDebugResponse(debugContext, response, {
+        note: "Streaming SSE payload (body omitted)",
+        headersOverride: headers,
+      });
+
+      return new Response(transformStreamingPayloadStream(response.body), {
+        status: response.status,
+        statusText: response.statusText,
+        headers,
+      });
+    }
+
+    const text = await response.text();
     
     if (!response.ok && text) {
       try {
@@ -238,12 +317,11 @@ export async function transformGeminiResponse(
       headers,
     };
 
-    const usageFromSse = streaming && isEventStreamResponse ? extractUsageFromSsePayload(text) : null;
     const parsed: GeminiApiBody | null = !streaming || !isEventStreamResponse ? parseGeminiApiBody(text) : null;
     const patched = parsed ? rewriteGeminiPreviewAccessError(parsed, response.status, requestedModel) : null;
     const effectiveBody = patched ?? parsed ?? undefined;
 
-    const usage = usageFromSse ?? (effectiveBody ? extractUsageMetadata(effectiveBody) : null);
+    const usage = effectiveBody ? extractUsageMetadata(effectiveBody) : null;
     if (usage?.cachedContentTokenCount !== undefined) {
       headers.set("x-gemini-cached-content-token-count", String(usage.cachedContentTokenCount));
       if (usage.totalTokenCount !== undefined) {
@@ -259,14 +337,10 @@ export async function transformGeminiResponse(
 
     logGeminiDebugResponse(debugContext, response, {
       body: text,
-      note: streaming ? "Streaming SSE payload" : undefined,
+      note: streaming ? "Streaming SSE payload (buffered)" : undefined,
       headersOverride: headers,
     });
 
-    if (streaming && response.ok && isEventStreamResponse) {
-      return new Response(transformStreamingPayload(text), init);
-    }
-
     if (!parsed) {
       return new Response(text, init);
     }

package/src/plugin.ts

@@ -1,7 +1,11 @@
 import { spawn } from "node:child_process";
 
 import { GEMINI_PROVIDER_ID, GEMINI_REDIRECT_URI } from "./constants";
-import { authorizeGemini, exchangeGemini } from "./gemini/oauth";
+import {
+  authorizeGemini,
+  exchangeGemini,
+  exchangeGeminiWithVerifier,
+} from "./gemini/oauth";
 import type { GeminiTokenExchangeResult } from "./gemini/oauth";
 import { accessTokenExpired, isOAuthAuth } from "./plugin/auth";
 import { ensureProjectContext } from "./plugin/project";
@@ -146,16 +150,18 @@ export const GeminiCLIOAuthPlugin = async (
             } catch (error) {
               if (error instanceof Error) {
                 console.log(
-                  `Warning: Couldn't start the local callback listener (${error.message}). You'll need to paste the callback URL.`,
+                  `Warning: Couldn't start the local callback listener (${error.message}). You'll need to paste the callback URL or authorization code.`,
                 );
               } else {
                 console.log(
-                  "Warning: Couldn't start the local callback listener. You'll need to paste the callback URL.",
+                  "Warning: Couldn't start the local callback listener. You'll need to paste the callback URL or authorization code.",
                 );
               }
             }
           } else {
-            console.log("Headless environment detected. You'll need to paste the callback URL.");
+            console.log(
+              "Headless environment detected. You'll need to paste the callback URL or authorization code.",
+            );
           }
 
           const authorization = await authorizeGemini();
@@ -201,22 +207,24 @@ export const GeminiCLIOAuthPlugin = async (
           return {
             url: authorization.url,
             instructions:
-              "Complete OAuth in your browser, then paste the full redirected URL (e.g., http://localhost:8085/oauth2callback?code=...&state=...)",
+              "Complete OAuth in your browser, then paste the full redirected URL (e.g., http://localhost:8085/oauth2callback?code=...&state=...) or just the authorization code.",
             method: "code",
             callback: async (callbackUrl: string): Promise<GeminiTokenExchangeResult> => {
               try {
-                const url = new URL(callbackUrl);
-                const code = url.searchParams.get("code");
-                const state = url.searchParams.get("state");
+                const { code, state } = parseOAuthCallbackInput(callbackUrl);
 
-                if (!code || !state) {
+                if (!code) {
                   return {
                     type: "failed",
-                    error: "Missing code or state in callback URL",
+                    error: "Missing authorization code in callback input",
                   };
                 }
 
-                return exchangeGemini(code, state);
+                if (state) {
+                  return exchangeGemini(code, state);
+                }
+
+                return exchangeGeminiWithVerifier(code, authorization.verifier);
               } catch (error) {
                 return {
                   type: "failed",
@@ -249,6 +257,37 @@ function toUrlString(value: RequestInfo): string {
   return value.toString();
 }
 
+function parseOAuthCallbackInput(input: string): { code?: string; state?: string } {
+  const trimmed = input.trim();
+  if (!trimmed) {
+    return {};
+  }
+
+  if (/^https?:\/\//i.test(trimmed)) {
+    try {
+      const url = new URL(trimmed);
+      return {
+        code: url.searchParams.get("code") || undefined,
+        state: url.searchParams.get("state") || undefined,
+      };
+    } catch {
+      return {};
+    }
+  }
+
+  const candidate = trimmed.startsWith("?") ? trimmed.slice(1) : trimmed;
+  if (candidate.includes("=")) {
+    const params = new URLSearchParams(candidate);
+    const code = params.get("code") || undefined;
+    const state = params.get("state") || undefined;
+    if (code || state) {
+      return { code, state };
+    }
+  }
+
+  return { code: trimmed };
+}
+
 function openBrowserUrl(url: string): void {
   try {
     // Best-effort: don't block auth flow if spawning fails.