oauth2 setup | Google Developer Community | Page 1

hybrid dove Apr 26, 2024, 4:03 AM

#

the command under "Set up application default credentials" on this page (https://ai.google.dev/gemini-api/docs/oauth) causes an error related to how the scopes are formatted (i think)

Google AI for Developers

Authentication with OAuth quickstart | Google AI for Developers

upper spear Apr 26, 2024, 4:05 AM

#

The documentation there is pretty convoluted.

Take a look at https://github.com/google-gemini/cookbook/blob/main/quickstarts/Authentication_with_OAuth.ipynb to see if that helps.

GitHub

cookbook/quickstarts/Authentication_with_OAuth.ipynb at main · goog...

A collection of guides and examples for the Gemini API. - google-gemini/cookbook

hybrid dove Apr 26, 2024, 4:14 AM

#

thanks. for reference, this is the error i was getting for gcloud auth application-default login --client-id-file=client_secret.json --scopes=https://www.googleapis.com/auth/cloud-platformhttps://www.googleapis.com/auth/generative-language.retriever in the google cloud cli. i'm not sure what it wants me to do, but I'll check in the cookbook

upper spear Apr 26, 2024, 4:19 AM

#

That looks like when you specified the scopes you didn't include a comma in between the two scopes.

hybrid dove Apr 26, 2024, 4:46 AM

#

upper spear That looks like when you specified the scopes you didn't include a comma in betw...

that was an issue with the first command i tried, but I figured it out!

#

this step in the tutorial is wrong. you need to add https://www.googleapis.com/auth/cloud-platform to the scopes. the correct command to run is then

gcloud auth application-default login --no-browser --client-id-file client_secret.json --scopes https://www.googleapis.com/auth/cloud-platform,https://www.googleapis.com/auth/generative-language.tuning,https://www.googleapis.com/auth/generative-language.retriever

assuming that this command is run in the same working directory as the client_secret file.

EDIT the original command in this message was wrong. i ran the above command and got it to work. idk if you actually have to add the scopes.

hybrid dove Apr 26, 2024, 5:07 AM

#

nvm that didn't fix it. i got through to the sign in process but then I got this error

google.api_core.exceptions.PermissionDenied: 403 Request had insufficient authentication scopes. [reason: "ACCESS_TOKEN_SCOPE_INSUFFICIENT"
domain: "googleapis.com"
metadata {
  key: "service"
  value: "generativelanguage.googleapis.com"  
}
metadata {
  key: "method"
  value: "google.ai.generativelanguage.v1beta.ModelService.ListModels"
}
]

from running this one line script

print('Available base models:', [m.name for m in genai.list_models()])

#

i added both of these scopes to the oauth consent screen and made sure to check both when signing in I was able to sign in alright, but I got the same 403 error

hybrid dove Apr 26, 2024, 5:44 AM

#

i updated the message. the = after --scopes and the ' around the urls was causing them to be invalid. it would try to interpret the = and ' as part of the url, so the scope in the middle would be valid, but the first and last would not be. that's why the error was "some" scopes are invalid

#oauth2 setup