dockergoogle-cloud-platformgcloudgoogle-authenticationgoogle-cloud-sdk

Authorizing client libraries without access to a web browser - gcloud auth application-default login

When I use to run either command: gcloud auth application-default login OR for a specific docker container docker exec -it 822c4c491383 /home/astro/google-cloud-sdk/bin/gcloud auth application-default login.

My command line would give me a link to a google response page where I'd copy the code they gave me and write it in the command line.

For some reason now, whenever I try to do either command I'm getting the follow error, saying I don't have access to web browser.

You are authorizing client libraries without access to a web browser. Please run the following command on a machine with a web browser and copy its output back here. Make sure the installed gcloud version is 372.0.0 or newer.

gcloud auth application-default login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=FmMFY6gvpOa9xndMXmWiNG3W1jDrCe&access_type=offline&code_challenge=zUI4n_pnYE5V7p0diDQLmL0X0Sk8XpTDzhz_vwtukOo&code_challenge_method=S256&token_usage=remote"

I've tried copying the link that's inside of this and place it in my web browser but I get a page saying.

Error 400: invalid request Missing required parameter: redirect uri

Edit: Though not sure why this is happening now, I added the option "--no-launch-browser" to the end of both commands and it gives me the link to place in my browser now manually and copy code.

Solution

  • On versions of gcloud >= 383.0.0 (26 Apr 2022), Google have removed support for the --console-only and --no-launch-browser flags on their CLI. As far as I can see, they do not give a reason for this, but it is likely security related.

    The new intended method for authenticating on a machine without a web browser, is to use the --no-browser flag and copy the command it gives you onto a machine that has both gcloud >= 372.0 and a web browser installed. In other words, it is no longer possible to do this purely on a machine with no browser. See the following steps copied directly from their documentation:

    Follow these steps:

    1. Copy the long command that begins with gcloud auth login --remote-bootstrap=".
    2. Paste and run this command on the command line of a different, trusted machine that has local installations of both a web browser and the gcloud CLI version 372.0 or later.
    3. Copy the long URL output from the machine with the web browser.
    4. Paste the long URL back to the first machine under the prompt, Enter the output of the above command, and press Enter to complete the authorization.