Error while trying to authenticate with `gcloud init`

Question

I am trying to athenticate to the gcloud sdk using : gcloud init.

I get a URL I'm supposed to access in order to copy a token and return it to the CLI... but instead of a token, I get this error :

Erreur d'autorisation
Erreur 400 : invalid_request
Missing required parameter: redirect_uri

Is this a bug?

gcloud version info:

Google Cloud SDK 377.0.0
alpha 2022.03.10
beta 2022.03.10
bq 2.0.74
bundled-python3-unix 3.8.11
core 2022.03.10
gsutil 5.8

I am running gcloud init on wsl2 (Ubuntu 18.04). This error occurs right after the installation of gcloud with sudo apt install google-cloud-sdk.

Are you getting this error in the browser? If yes, clear the browser cookies and restart your computer. — John Hanley, Mar 18 '22 at 19:56
Have you considered when defining the GoogleStrategy, the JSON key has to be callbackURL instead of callbackUrl (i.e., capital URL) as suggested in [this post](https://stackoverflow.com/questions/32924963/missing-required-parameter-redirect-uri-with-passport-google-oauth)? — Osvaldo, Mar 18 '22 at 21:46
@OsvaldoLópez not sure what you mean by JSON key and google strategy, this error happens right after installing gcloud sdk... No config prior to `gcloud init` — Imad, Mar 19 '22 at 15:59
@JohnHanley, clearing cache & even using another browser didn't work. — Imad, Mar 21 '22 at 15:57
Do you still have this issue? What happens when running gcloud auth login? You can also try to solve it by deleting: browser cookies, DNS cache and disabling browser extensions. Furthermore, you could try gcloud init --no-browser. This flag prevents the command from launching a browser for authorization. — Osvaldo, Mar 22 '22 at 22:10
@OsvaldoLópez. I am using WSL2 so I thought it might have been a system dependency issue so I reinstalled the host, awaiting completion... To answer your question we did delete browser cookies, also used another browser all together. Will try `gcloud init --no-browser` soon — Imad, Mar 23 '22 at 14:17
You could check [this post](https://stackoverflow.com/questions/61953082/why-is-my-gcloud-command-suddenly-very-slow-inside-wsl2) and this [forum thread](https://groups.google.com/g/google-cloud-dev/c/8xUOaiR7WKE) for some troubleshootings related to WSL. Please let me know if any of them works for you. On the other hand, could you also please update for the community your post: **1.** adding the wsl-2 tag, **2.** mentioning that you are trying to run gcloud init from it, and **3.** that this error happens right after installing gcloud sdk? — Osvaldo, Mar 23 '22 at 22:12
Normally WSL2 Ubuntu does not have a web browser. That means that just using **gcloud init** will not work. Edit your question to show a problem using the --no-browser option. I recommend using the service account method instead. — John Hanley, Mar 24 '22 at 09:02
I copy/paste the URL created by gcloud init, also when you ctrl+click it opens it in browser. I've already done this before and it worked on different PC/environment, it's just peculiar in this case somehow. — Imad, Mar 24 '22 at 09:28
with --no-launch-browser it works again, but it will be deprecated in gcloud 383.0 (comes as Warning) — madduci, Mar 31 '22 at 04:27

score 14 · Accepted Answer · answered Mar 24 '22 at 15:40

I had the same problem and gcloud has slightly changed the way their auth flow works.

Run gcloud auth login and then copy the whole output (not just the URL) to a terminal on a computer that has both a web browser and gcloud CLI installed. The command you should copy looks like

gcloud auth login --remote-bootstrap="https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=****.apps.googleusercontent.com&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fappengine.admin+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Faccounts.reauth&state=****&access_type=offline&code_challenge=****&code_challenge_method=S256&token_usage=remote"

When you run that on your computer that has a web browser, it will open a browser window and prompt you to log in. Once you authorize your app in the web browser you get a new URL in your terminal that looks like

https://localhost:8085/?state=****&code=****&scope=email%20openid%20https://www.googleapis.com/auth/userinfo.email%20https://www.googleapis.com/auth/cloud-platform%20https://www.googleapis.com/auth/appengine.admin%20https://www.googleapis.com/auth/compute%20https://www.googleapis.com/auth/accounts.reauth&authuser=0&hd=****&prompt=consent

Paste this new URL back into the prompt in your headless machine after Enter the output of the above command: (in your case, this would be in your WSL2 terminal). Press enter and you get the output

You are now logged in as [****].
Your current project is [None].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
[8]+  Done                    code_challenge_method=S256

Thanks, it's worked. But i have different response. Credentials saved to file: [/home/developer/.config/gcloud/application_default_credentials.json] These credentials will be used by any library that requests Application Default Credentials (ADC) — YGautomo, May 28 '22 at 04:42

K.I. · Answer 2 · 2022-06-20T11:06:09.470

Try

gcloud init --console-only

Then you will get the url which will work.

You must log in to continue. Would you like to log in (Y/n)?  y                                                                                                                                                                                                                                                                                                                                                                                                                       
WARNING: The --[no-]launch-browser flags are deprecated and will be removed on June 7th 2022 (Release 389.0.0). Use --no-browser to replace --no-launch-browser.                                                                                                                                                                                                                                                                                                                      
Go to the following link in your browser:                                                                                                                                                                                                                                                                                                                                                                                                                                                 

https://accounts.google.com/o/o....

update 2022-06-20. option console-only is removed for version 389.0.0. So instead use

gcloud init --no-browser

Antoine OL · Answer 3 · 2022-07-17T10:34:48.473

EDIT:

it seems this answer and the one from @K.I. give other commands that don't rely on implementation details. I've tested those 3 commands:

gcloud init --console-only

gcloud auth login --no-launch-browser

gcloud init --no-launch-browser

Original answer, another workaround (17/07/2022):

DISPLAY=":0" gcloud auth login

is a workaround mentioned in this issue. Instead of requiring you to install gcloud CLI outside WSL2, it pretends there is a browser.

A link is printed, click it, login on your browser, and you're authenticated with the CLI.

Then run again gcloud init.

score 2 · Answer 4 · answered Mar 25 '22 at 21:59

2

There are some workarounds and they depend on your particular Windows environment.

In this post and in this one you can check the most related issues with respect to gcloud running in WSL.

Here you can find some Google groups related threads that might be helpful.

Finally, you could check some related Windows troubleshootings that can help in issues related to WSL2 on your own environment.

answered Mar 25 '22 at 21:59

Osvaldo

473
1
12

@Imad Does this or the other answer works for you? – Osvaldo Apr 01 '22 at 22:45

score 2 · Answer 5 · answered Aug 18 '22 at 07:38

2

You can do it without error by using another method of gcloud installation :

curl https://sdk.cloud.google.com | bash

exec -l $SHELL #restart shell

gcloud init

answered Aug 18 '22 at 07:38

jitvimol

72
7

-/bin/zsh: can't open input file: #restart – nosequeweaponer Jan 06 '23 at 14:11
# is a comment, don't include it in the cli – jitvimol Jan 28 '23 at 08:13
You just saved my day !!! – Prabhu Feb 24 '23 at 15:13

Error while trying to authenticate with `gcloud init`

5 Answers5