Gemini-cli: OAuth Token Renewal Error At Startup

by Admin 49 views
Gemini-cli OAuth Token Renewal Issues at Startup: A Deep Dive

Hey guys, this article dives into a frustrating issue I've been hitting with Gemini-cli, specifically concerning unhandled promise rejections during startup. It seems to be related to OAuth token renewal with the MCP server, which in my case, is Stripe. Let's break down what's happening, what I expected, and what we can do to potentially fix this. This is all about getting Gemini-cli to play nicely with your MCP setup and avoid those pesky errors.

The Problem: Unhandled Promise Rejection

So, what's actually going wrong? I'm getting an Unhandled Promise Rejection error when Gemini-cli is starting up. The error message is pretty clear, it's a OAuth callback timeout. This occurs in the mcp-client-manager.js file, specifically during the initialize_mcp_clients phase, which takes the longest time, almost 4739ms. The stack trace points to an issue within the OAuth provider, specifically related to a timeout. This is a critical error because it prevents the application from starting and forces a shutdown. The debugging console output highlights the issue and shows the stages of startup, so we can see where the bottleneck is. This is a common problem, especially when dealing with token refresh flows and network-dependent operations.

Further, the error message 5 frames rendered while the app was idle in the past second and A flicker frame was detected suggests that there might be some React-related rendering issues involved too, further complicating the problem. But the core problem seems to stem from a failure to correctly handle OAuth token renewal. This whole mess means the Gemini-cli is unusable and requires a fix before anyone can use it, which is obviously very bad and very important to get fixed. I need the app to start without crashing so I can use it to help me debug other problems.

Detailed Error Analysis and Stack Trace

The stack trace gives us a detailed view of where the error originates. It shows that the timeout occurs within the oauth-provider.js file, during the callback process. This implies that Gemini-cli isn't successfully completing the OAuth flow, which is necessary to get the authorization tokens. The OAuth callback timeout suggests a problem during the communication with the OAuth server. Possibly the server is down or, there is a connection problem from my computer to the server. Or, more likely the Gemini-cli doesn't recognize or can't connect to the correct endpoint so it fails silently, waiting forever. Whatever the reason it is, this particular issue needs to be addressed before any further actions can be taken and is a primary requirement.

My Expectations and Stripe MCP Configuration

I was expecting Gemini-cli to seamlessly handle OAuth token renewal with the Stripe MCP server. I'm using the Stripe MCP server, and it's documented here: https://docs.stripe.com/mcp. My Gemini stripe MCP config is set up as follows:

{
  "mcpServers": {
    "stripe": {
      "httpUrl": "https://mcp.stripe.com",
      "oauth": {
        "enabled": true
      }
    }
  }
}

With this configuration, I'm expecting the Gemini-cli to authenticate with the Stripe MCP server and renew the OAuth tokens automatically as needed. My hope is that the authentication process can remain in place, so I don't need to do anything to ensure that it keeps working. So I expect Gemini-cli to be a good neighbor, and handle all the authentication and re-authentication on its own. It's supposed to work in the background, without any action on my part.

OAuth 2.1 Metadata and Discovery

The Gemini-cli should be able to discover the OAuth 2.1 metadata from the Stripe MCP server to identify and utilize the token refresh URL correctly. When testing with the MCP inspector tool, which is part of the node SDK, the metadata is correctly discovered from the /.well-known/oauth-authorization-server endpoint. This is really important because if Gemini-cli is not discovering the right URL, then the token renewal is never going to work. The metadata includes vital information such as the issuer, authorization endpoint, token endpoint, and grant types supported, which Gemini-cli needs to correctly manage the OAuth flow.

Client Information and Environment

To give you a better idea of my setup, here's some key client information:

  • CLI Version: 0.21.0-nightly.20251204.3da4fd5f7

  • Git Commit: 3da4fd5f7

  • Session ID: f27874b6-554e-48ad-9203-745ac269d6b1

  • Operating System: darwin v25.1.0

  • Sandbox Environment: no sandbox

  • Model Version: auto

  • Memory Usage: 302.0 MB

  • IDE Client: VS Code

  • Login information: Oauth Personal

Additional factors to be considered

With all this said, I'm a little confused as to why the application fails. The errors clearly shows there is an unhandled promise rejection error. I'm assuming that it is the oauth callback, but it could be other factors. And what's interesting, there seems to be a lot of timing delays while startup. And the memory usage isn't as small as I'd expect. So there are many things that could be related to these errors. I don't know for sure, so I'm not going to speculate. My goal is to get this resolved and work around these issues.

Potential Causes and Troubleshooting Steps

Here are some possible causes for the OAuth callback timeout and ways to troubleshoot:

  1. Network Issues: Check your internet connection. Ensure there are no firewall rules or proxy settings blocking the connection to the Stripe MCP server (mcp.stripe.com). Confirm that DNS resolution is working correctly.
  2. Incorrect Configuration: Double-check your Gemini-cli configuration, ensuring the mcpServers settings are accurate, especially the httpUrl. Make sure the URL is correct, and any specific requirements or configurations are properly set.
  3. Gemini-cli Bugs: It's possible there's a bug in the Gemini-cli's OAuth implementation. See if there are any open issues or bug reports related to the Stripe MCP or OAuth token renewal within the Gemini-cli's bug tracker. If not, consider opening a bug report that includes your detailed error information.
  4. OAuth Server Issues: The Stripe MCP server might have had an outage or problems. Check the Stripe status page to see if there are any reported issues. These problems are often outside of your control, but it's always good to check.
  5. Token Expiration: While token renewal should happen automatically, there could be a bug causing the token to expire and not refresh. Check your token expiration settings to see how long your tokens are valid. Try re-authorizing with the Gemini-cli to see if that fixes the problem.
  6. Node.js Environment Issues: Ensure your Node.js version is compatible with Gemini-cli and the @google/gemini-cli dependencies. Try upgrading or downgrading Node.js, and checking npm to make sure everything is installed.
  7. Dependency Conflicts: Check for dependency conflicts within your project. Update the node_modules directory by doing npm update. Resolve any conflicting dependencies. Sometimes these can create problems with the libraries that are being used.

Troubleshooting specific to OAuth

If the issue is in the Oauth flow, you can also consider these points:

  • Inspect Network Traffic: Use your browser's developer tools (Network tab) or a tool like curl or Postman to inspect the network requests made by Gemini-cli during the OAuth process. This will help you see if requests are timing out, if the endpoints are correct, and if any errors are returned by the server.
  • Test OAuth Flow Manually: Use a tool like curl or Postman to manually test the OAuth flow with the Stripe MCP server. This can help you isolate whether the problem is specifically in Gemini-cli, or in the connection to the MCP server. If you can't complete the flow manually, then there's likely a problem with your Stripe setup or the server.
  • Check Authorization Server Metadata: Confirm that the authorization server metadata (/.well-known/oauth-authorization-server) is correctly exposed and contains the necessary endpoints, such as token_endpoint, authorization_endpoint, etc.

Conclusion: Seeking a Solution

I'm hoping to get Gemini-cli working smoothly with the Stripe MCP server and avoid this unhandled promise rejection during startup. The core issue revolves around OAuth token renewal, specifically a OAuth callback timeout. This is likely a failure to correctly discover the renewal URL. By carefully examining the configuration, checking network connections, and testing the Oauth flow manually, it might be possible to determine the cause of the problem, and apply the needed fixes. I will monitor the situation and update the post with any further solutions.

I hope this helps others who are facing similar issues. Let's work together to fix this annoying problem and get Gemini-cli running without these errors!