Skip to content

fix(gemini): avoid duplicate auth headers on Google AI Studio endpoint#8128

Closed
midcodehub wants to merge 4 commits into
NousResearch:mainfrom
midcodehub:fix/gemini-auth-single-credential
Closed

fix(gemini): avoid duplicate auth headers on Google AI Studio endpoint#8128
midcodehub wants to merge 4 commits into
NousResearch:mainfrom
midcodehub:fix/gemini-auth-single-credential

Conversation

@midcodehub

@midcodehub midcodehub commented Apr 12, 2026

Copy link
Copy Markdown

Summary

Fix native Gemini authentication against the Google AI Studio OpenAI-compatible endpoint.

Hermes was constructing OpenAI clients in a way that could cause Google to receive multiple auth credentials for Gemini requests, leading to:

HTTP 400: Multiple authentication credentials received. Please pass only one.

This patch introduces a centralized OpenAI compatibility layer for Gemini and routes both primary-agent and auxiliary-client creation through it.

Root cause

Google AI Studio accepts either:

  • x-goog-api-key for standard API keys (AIza...)
  • Authorization: Bearer ... for bearer-style tokens

but not both at the same time.

The fix ensures:

  • AIza... keys use x-goog-api-key
  • bearer-style tokens such as AQ... continue using Authorization
  • conflicting auth headers are not emitted together

Changes

  • Added agent/openai_compat.py
    • central OpenAI/Gemini-compatible client factory
    • Gemini-specific auth header selection
  • Updated run_agent.py
    • main agent client creation now uses the compatibility factory
  • Updated agent/auxiliary_client.py
    • auxiliary sync/async client creation now also uses the compatibility factory
  • Added regression tests in tests/agent/test_openai_compat.py

Behavior after fix

  • Gemini + AIza... key → sends only x-goog-api-key
  • Gemini + bearer token (AQ...) → sends only Authorization
  • Existing non-Gemini providers remain unchanged

Validation

Ran:

pytest -q tests/agent/test_openai_compat.py tests/hermes_cli/test_gemini_provider.py -q

Passed successfully.

@teknium1 teknium1 mentioned this pull request Apr 18, 2026
Merged
@teknium1

teknium1 commented Apr 18, 2026

Copy link
Copy Markdown
Contributor

Closing in favor of #11961 (merged), which uses @AviArora02-commits' approach from #8530.

Thanks for tackling this — the centralized openai_compat.py factory was a nice architectural idea. We went with a more surgical fix because the root cause turned out to be narrower than the PR assumed: the Google AI Studio endpoint rejects Authorization: Bearer for new AQ.-prefixed keys (Google forum confirmation), regardless of prefix. So the merged fix uses x-goog-api-key for all Gemini keys rather than branching on prefix. Appreciate the investigation.

#11961

@teknium1 teknium1 closed this Apr 18, 2026
@teknium1 teknium1 mentioned this pull request Apr 18, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@midcodehub @teknium1