fix(auth): report token info in status when using GOOGLE_WORKSPACE_CLI_TOKEN#546
fix(auth): report token info in status when using GOOGLE_WORKSPACE_CLI_TOKEN#546dumko2001 wants to merge 6 commits intogoogleworkspace:mainfrom
Conversation
🦋 Changeset detectedLatest commit: 4101d3f The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a previous limitation in the Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request correctly adds support for GOOGLE_WORKSPACE_CLI_TOKEN in the gws auth status command. However, the refactoring has introduced a regression where error reporting for failed token refreshes (e.g., due to an expired refresh token) is lost. My review includes a suggestion to restore this important feedback for the user.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request enhances the authentication status command by allowing it to use an access token provided directly via the GOOGLE_WORKSPACE_CLI_TOKEN environment variable. The handle_status function in src/auth_commands.rs was modified to prioritize this environment variable for obtaining an access token. If the environment variable is not set, the existing logic for loading credentials and exchanging a refresh token is used. Subsequently, the retrieved access token (from either source) is used to fetch user information and granted scopes from Google APIs, improving clarity in the reported authentication status.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces the ability for the gws auth status command to report token information when an access token is provided via the GOOGLE_WORKSPACE_CLI_TOKEN environment variable, in addition to existing credential store methods. However, a regression was introduced where the error reporting for failed refresh token exchanges was removed. Previously, the system would capture and display error_description and set token_valid: false, but now, if the exchange fails, the access_token is simply None, leading to silent failures and potentially confusing user output.
|
Restored the error reporting for failed token refresh in |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly adds support for GOOGLE_WORKSPACE_CLI_TOKEN to the auth status command and refactors the logic to handle both direct tokens and tokens from credentials. My review includes two high-severity suggestions: one to improve performance by reusing the reqwest::Client instance, and another to improve correctness by properly URL-encoding the access token in the tokeninfo request.
|
Refactored |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly adds support for GOOGLE_WORKSPACE_CLI_TOKEN in the gws auth status command, allowing it to report token information when this environment variable is used. The implementation is functional, but I've identified a significant maintainability issue in src/auth_commands.rs where the logic for retrieving the access token has become overly complex and includes side effects within a let binding. I've left a comment with a recommendation to refactor this for better clarity and separation of concerns.
dumko2001
force-pushed
the
fix/auth-status-token-v2
branch
from
960d2b9 to
07beab6
Compare
|
Refactored the access token retrieval logic into a separate |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly adds support for GOOGLE_WORKSPACE_CLI_TOKEN to the auth status command by refactoring the token acquisition logic. My review identifies two high-severity issues: a performance regression due to using synchronous file I/O in an async context, and a bug where a JSON parsing error is not handled, leading to silent failure. Code suggestions are provided for both issues.
…ccess_token - Use tokio::fs::read_to_string instead of blocking std::fs::read_to_string - Add match arm to handle resp.json() failures with error message - Aligns with repo patterns for async I/O
|
/gemini review |
There was a problem hiding this comment.
Code Review
The pull request effectively addresses the issue of reporting token information in gws auth status when using GOOGLE_WORKSPACE_CLI_TOKEN. The introduction of the get_status_access_token helper function centralizes token retrieval logic, improving code organization and readability. Error handling for network requests and JSON parsing within this new function is robust, ensuring that the output object accurately reflects the token's validity and any associated errors. The integration into handle_status is clean and correctly leverages the new abstraction. Overall, this is a well-implemented and maintainable change.
2 participants
Description
Ensure that
gws auth statuscorrectly reports the validity, user, and scopes of an access token provided via theGOOGLE_WORKSPACE_CLI_TOKENenvironment variable. Previously, the status command only checked stored credentials, which could be confusing when using direct token injection.Checklist:
AGENTS.mdguidelines (no generatedgoogle-*crates).cargo fmt --allto format the code perfectly.cargo clippy -- -D warningsand resolved all warnings.pnpx changeset) to document my changes.