Error while trying to authenticate with `gcloud init`
G

6

11

I am trying to authenticate to the gcloud SDK using `gcloud init`.

I get a URL I'm supposed to access in order to copy a token and return it to the CLI... but instead of a token, I get this error :

Erreur d'autorisation
Erreur 400 : invalid_request
Missing required parameter: redirect_uri

Is this a bug?

gcloud version info:

Google Cloud SDK 377.0.0
alpha 2022.03.10
beta 2022.03.10
bq 2.0.74
bundled-python3-unix 3.8.11
core 2022.03.10
gsutil 5.8

I am running gcloud init on wsl2 (Ubuntu 18.04). This error occurs right after the installation of gcloud with sudo apt install google-cloud-sdk.

Galahad answered 18/3, 2022 at 17:52 Comment(12)
Are you getting this error in the browser? If yes, clear the browser cookies and restart your computer. - Falcon
Have you considered when defining the GoogleStrategy, the JSON key has to be callbackURL instead of callbackUrl (i.e., capital URL) as suggested in this post? - Carine
@OsvaldoLópez not sure what you mean by JSON key and google strategy, this error happens right after installing gcloud sdk... No config prior to gcloud init - Galahad
@JohnHanley I'll try your solution and see. - Galahad
@JohnHanley, clearing cache & even using another browser didn't work. - Galahad
Do you still have this issue? What happens when running gcloud auth login? You can also try to solve it by deleting: browser cookies, DNS cache and disabling browser extensions. Furthermore, you could try gcloud init --no-browser. This flag prevents the command from launching a browser for authorization. - Carine
@OsvaldoLópez. I am using WSL2 so I thought it might have been a system dependency issue so I reinstalled the host, awaiting completion... To answer your question we did delete browser cookies, also used another browser altogether. Will try gcloud init --no-browser soon - Galahad
Still doesn't work, I'm still having this issue. - Galahad
You could check this post and this forum thread for some troubleshooting related to WSL. Please let me know if any of them works for you. On the other hand, could you also please update for the community your post: 1. adding the wsl-2 tag, 2. mentioning that you are trying to run gcloud init from it, and 3. that this error happens right after installing gcloud sdk? - Carine
Normally WSL2 Ubuntu does not have a web browser. That means that just using gcloud init will not work. Edit your question to show a problem using the --no-browser option. I recommend using the service account method instead. - Falcon
I copy/paste the URL created by gcloud init, also when you ctrl+click it opens it in browser. I've already done this before and it worked on different PC/environment, it's just peculiar in this case somehow. - Galahad
With --no-launch-browser it works again, but it will be deprecated in gcloud 383.0 (comes as Warning) - Khalif
I
15

I had the same problem and gcloud has slightly changed the way their auth flow works.

Run gcloud auth login and then copy the whole output (not just the URL) to a terminal on a computer that has both a web browser and gcloud CLI installed. The command you should copy looks like

gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****.apps.googleusercontent.com&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=****&access_type=offline&code_challenge=****&code_challenge_method=S256&token_usage=remote"

When you run that on your computer that has a web browser, it will open a browser window and prompt you to log in. Once you authorize your app in the web browser you get a new URL in your terminal that looks like

https://localhost:8085/?state=****&code=****&scope=email%20openid%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/cloud-platform%20https://www.googleapis.com/auth/appengine.admin%20https://www.googleapis.com/auth/compute%20https://www.googleapis.com/auth/accounts.reauth&authuser=0&hd=****&prompt=consent

Paste this new URL back into the prompt on your headless machine after `Enter the output of the above command:` (in your case, this would be in your WSL2 terminal). Press Enter and you get the output

You are now logged in as [****].
Your current project is [None].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
[8]+  Done                    code_challenge_method=S256
Interstellar answered 24/3, 2022 at 15:40 Comment(2)
Thanks, it worked. But I have a different response: Credentials saved to file: [/home/developer/.config/gcloud/application_default_credentials.json] These credentials will be used by any library that requests Application Default Credentials (ADC) - Strudel
I had to change my url from http to https for this to work. localhost... to localhost.. - Steinbach
A
5

Try

gcloud init --console-only

Then you will get the url which will work.

You must log in to continue. Would you like to log in (Y/n)?  y
WARNING: The --[no-]launch-browser flags are deprecated and will be removed on June 7th 2022 (Release 389.0.0). Use --no-browser to replace --no-launch-browser.
Go to the following link in your browser:

https://accounts.google.com/o/o....

Update 2022-06-20: the --console-only option is removed for version 389.0.0. So instead use

gcloud init --no-browser
Abraxas answered 2/6, 2022 at 14:20 Comment(0)
K
4

EDIT:

It seems this answer and the one from @K.I. give other commands that don't rely on implementation details. I've tested those 3 commands:

gcloud init --console-only

gcloud auth login --no-launch-browser

gcloud init --no-launch-browser

Original answer, another workaround (17/07/2022):

DISPLAY=":0" gcloud auth login

is a workaround mentioned in this issue. Instead of requiring you to install gcloud CLI outside WSL2, it pretends there is a browser.

A link is printed; click it, log in in your browser, and you're authenticated with the CLI.

Then run gcloud init again.

Key answered 17/7, 2022 at 10:17 Comment(0)
C
2

There are some workarounds and they depend on your particular Windows environment.

In this post and in this one you can check the most related issues with respect to gcloud running in WSL.

Here you can find some Google groups related threads that might be helpful.

Finally, you could check some related Windows troubleshooting that can help with issues related to WSL2 in your own environment.

Carine answered 25/3, 2022 at 21:59 Comment(1)
@Galahad Does this or the other answer work for you? - Carine
F
2

You can do it without error by using another method of gcloud installation:

curl https://sdk.cloud.google.com | bash

exec -l $SHELL #restart shell

gcloud init

Forsooth answered 18/8, 2022 at 7:38 Comment(3)
-/bin/zsh: can't open input file: #restart - Barbosa
# is a comment, don't include it in the cli - Forsooth
You just saved my day !!! - Renounce
A
0

Adding this answer not for OP per se, but for other people searching for "gcloud init authentication failure" and similar, this variant issue/solution could occur for any platform not just WSL2.

In my case, I had a URL tracking cleaner extension ("ClearURLs", but others could do the same), which was chewing up the URL gcloud init passed to the browser. So it would fail with a generic "something went wrong" error page; internally it was getting an HTTP 401 error code.

I had tried disabling NoScript and even uBlock Origin to no effect, until I remembered I had ClearURLs installed. I deactivated it, and was able to complete the authentication.

I feel like most people using NoScript would think to disable it when troubleshooting something like this, but a URL cleaner is more of a background thing and may not come to mind so easily (and it can and does pass OAuth2 URLs in general, just this one tripped it up/didn't have an exception).

Alleneallentown answered 6/1 at 22:23 Comment(0)
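
Added example (not from any of the answers, and not gcloud's own code): a small Python checker for the URLs this thread passes around. It reports required parameters missing from an authorization URL (the sample `--remote-bootstrap` URL above carries no `redirect_uri`, the parameter named in the question's error), parameters that changed between what gcloud printed and what the browser loaded, and whether the returned localhost URL has a `code` and the same `state`. The `REQUIRED` list, the function names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: parameters needed when the URL is opened directly in a browser.
# redirect_uri is listed because its absence is the error quoted in the question.
REQUIRED = ("response_type", "client_id", "redirect_uri", "scope", "state")


def params(url):
    """Query parameters of url as {name: first value}."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def missing_params(auth_url, required=REQUIRED):
    """Required parameters absent from an authorization URL."""
    present = params(auth_url)
    return [name for name in required if name not in present]


def dropped_params(printed_url, browser_url):
    """Parameters gcloud printed that are missing or altered in the URL the
    browser loaded (line wrap, unquoted '&' in a shell, URL-cleaning add-on)."""
    before, after = params(printed_url), params(browser_url)
    return sorted(k for k in before if after.get(k) != before[k])


def callback_problems(auth_url, callback_url):
    """Checks on the localhost URL before pasting it into the headless machine."""
    problems, got = [], params(callback_url)
    if urlsplit(callback_url).hostname not in ("localhost", "127.0.0.1"):
        problems.append("callback host is not loopback")
    if "code" not in got:
        problems.append("no authorization code")
    if got.get("state") is None or got["state"] != params(auth_url).get("state"):
        problems.append("state does not match the request")
    return problems


# Constructed sample values, shaped like the URLs quoted in the answers.
PRINTED = ("https://accounts.google.com/o/oauth2/auth?response_type=code"
           "&client_id=EXAMPLE.apps.googleusercontent.com&scope=openid"
           "&state=abc123&access_type=offline&code_challenge=xyz"
           "&code_challenge_method=S256&token_usage=remote")
CLEANED = PRINTED.replace("&state=abc123", "")  # one parameter stripped
CALLBACK = "https://localhost:8085/?state=abc123&code=EXAMPLE_CODE&scope=openid"

if __name__ == "__main__":
    print("missing:", missing_params(PRINTED))
    print("dropped:", dropped_params(PRINTED, CLEANED))
    print("callback:", callback_problems(PRINTED, CALLBACK))
```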
