feat: Google Gemini subscription support #1071

Draft
brunobuddy wants to merge 1 commit into main from google-subscription
brunobuddy (Member) commented Mar 12, 2026

Summary

  • Add browser-based Google OAuth flow for connecting Gemini subscriptions
  • Backend GeminiAuthService handles OAuth token exchange and access token refresh with in-memory cache
  • Backend GeminiAuthController provides /api/v1/routing/gemini-auth (start) and /callback endpoints
  • Proxy exchanges stored refresh tokens for fresh access tokens before forwarding to Gemini (both primary and fallback paths)
  • Google subscription auth uses Authorization: Bearer header instead of ?key= query parameter
  • Frontend shows "Sign in with Google" button in subscription tab with popup OAuth flow
  • Popup blocker detection, origin-validated postMessage, and automatic cleanup on popup close

Test plan

  • Backend unit tests: 2364 passed (132 suites)
  • Frontend tests: 1398 passed (73 suites)
  • 100% line coverage on all new/modified source files
  • TypeScript compiles with no errors (backend + frontend)
  • Linter passes (pre-commit hooks)
  • E2E tests (require DATABASE_URL — pre-existing config issue)
  • Manual test: connect Gemini subscription via OAuth popup
  • Manual test: proxy routes to Gemini using subscription token
  • Manual test: disconnect Gemini subscription

Summary by cubic

Adds Gemini subscription support via Google Code Assist with a popup PKCE OAuth flow. Subscription requests now use Bearer tokens and target the Code Assist API; tokens auto-refresh and responses are unwrapped for clients.

  • New Features

    • OAuth: /api/v1/oauth/gemini/authorize and /api/v1/oauth/gemini/revoke with PKCE; defaults to Gemini CLI client; stores a token blob with project ID and auto-refresh.
    • Proxy: routes subscription calls to Code Assist (v1internal:generateContent) with Authorization: Bearer (no ?key=); unwraps the Code Assist response envelope (streaming and non‑streaming).
    • Model discovery: for Gemini subscriptions, uses a 5‑model whitelist and ignores previews/dated/Gemma variants.
    • Frontend: provider‑aware popup in the Subscription tab (“Sign in with Google”), revoke support, and generic /oauth/*/done popup completion; disconnect flows updated.
    • Tests: added backend and frontend coverage for OAuth, proxy routing, model discovery, and UI.
  • Migration

    • Set GOOGLE_GEMINI_CLIENT_ID and GOOGLE_GEMINI_CLIENT_SECRET to enable OAuth (falls back to the Gemini CLI defaults if present).
    • No changes needed for API‑key Gemini setups.

Written for commit 7ba0cef. Summary will update on new commits.

- OAuth flow using Google's Gemini CLI credentials (PKCE + cloud-platform scope)
- Proxy routes subscription requests through cloudcode-pa.googleapis.com (Code Assist API)
- Auto-discovers/provisions GCP project via loadCodeAssist + onboardUser LRO
- Token storage as OAuthTokenBlob with project ID, auto-refresh with 60s buffer
- Frontend: popup OAuth flow in OAuthDetailView, provider-aware dispatch
- Model discovery filtered to 5 working Code Assist models
- Shared subscription config with knownModels whitelist
- Code Assist response envelope unwrapping for both streaming and non-streaming

brunobuddy force-pushed the google-subscription branch from 21a4c25 to 7ba0cef on April 1, 2026 02:15
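
The "origin-validated postMessage" item in the PR summary, sketched as an added example (not code from this PR or the project): the opener accepts the popup's completion message only on an exact origin match, from the window it opened, and with the expected shape. The message fields, the per-attempt `nonce`, and every name below are assumptions.

```typescript
// Added example. Names, message shape and the nonce are hypothetical, not from the PR.
interface PopupMessage { origin: string; source: unknown; data: unknown }
interface Expected { origin: string; popup: unknown; nonce: string }
interface Verdict { accepted: boolean; reason: string }

const rejectWith = (reason: string): Verdict => ({ accepted: false, reason });

function checkOAuthPopupMessage(msg: PopupMessage, exp: Expected): Verdict {
  // Exact string comparison: prefix, suffix or substring tests let
  // look-alike origins such as "https://app.example.test.evil.test" through.
  if (msg.origin !== exp.origin) return rejectWith("origin");
  // Other frames on the same origin can post too; require the window we opened.
  if (msg.source !== exp.popup) return rejectWith("source");
  // Treat data as untrusted: check the type of every field before use.
  if (typeof msg.data !== "object" || msg.data === null) return rejectWith("shape");
  const d = msg.data as Record<string, unknown>;
  if (d.type !== "oauth-done" || typeof d.provider !== "string") return rejectWith("shape");
  // Per-attempt nonce (assumed) ties the message to this sign-in attempt.
  if (typeof d.nonce !== "string" || d.nonce !== exp.nonce) return rejectWith("nonce");
  return { accepted: true, reason: "ok" };
}

// Constructed sample values; the message is a completion signal only and carries no tokens.
const samplePopup = { label: "oauth-popup" };
const sampleExpected: Expected = {
  origin: "https://app.example.test",
  popup: samplePopup,
  nonce: "n-123",
};
const sampleGood: PopupMessage = {
  origin: "https://app.example.test",
  source: samplePopup,
  data: { type: "oauth-done", provider: "gemini", nonce: "n-123" },
};

// In the browser this would be wired as:
// window.addEventListener("message", (e) => {
//   if (checkOAuthPopupMessage(e, sampleExpected).accepted) { /* reload subscription state */ }
// });
```
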