Skip to content

fix(gemini): use x-goog-api-key header to prevent dual-auth 400 error#8172

Closed
konsisumer wants to merge 2 commits into
NousResearch:mainfrom
konsisumer:fix/gemini-dual-auth-7893
Closed

fix(gemini): use x-goog-api-key header to prevent dual-auth 400 error#8172
konsisumer wants to merge 2 commits into
NousResearch:mainfrom
konsisumer:fix/gemini-dual-auth-7893

Conversation

@konsisumer

@konsisumer konsisumer commented Apr 12, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Switches Gemini provider auth from Authorization: Bearer (OpenAI SDK default) to Google's native x-goog-api-key header, ensuring exactly one credential reaches the endpoint.
  • Applies to both the main agent client (run_agent.py) and auxiliary client (auxiliary_client.py) whenever the base URL targets generativelanguage.googleapis.com.
  • Updates existing tests and adds a new test verifying the header-only auth path.

Fixes #7893

Test plan

  • tests/hermes_cli/test_gemini_provider.py — 43 tests pass (including new test_gemini_uses_x_goog_api_key_header)
  • tests/agent/test_auxiliary_client.py — Gemini-related tests pass with updated assertions

@konsisumer konsisumer force-pushed the fix/gemini-dual-auth-7893 branch 2 times, most recently from 8321de9 to 6b2bb3a Compare April 12, 2026 08:36
@konsisumer konsisumer marked this pull request as ready for review April 12, 2026 10:34
@konsisumer
fix(gemini): use x-goog-api-key header to prevent dual-auth 400 error
574abf7 
Switch Gemini provider auth from Authorization: Bearer (OpenAI SDK default)
to Google's native x-goog-api-key header, ensuring exactly one credential
reaches the endpoint and preventing the 400 dual-auth error.

Applies to both the main agent client (run_agent.py) and auxiliary client
(auxiliary_client.py) whenever the base URL targets
generativelanguage.googleapis.com.

Fixes NousResearch#7893
@konsisumer
fix(ci): add git to Docker image and increase test timeout
738908a 
The whatsapp-bridge npm dependency @whiskeysockets/baileys uses a GitHub
branch ref that requires git at install time.  The test suite now exceeds
10 minutes on CI, bumping timeout to 15 minutes.
@konsisumer konsisumer force-pushed the fix/gemini-dual-auth-7893 branch from 6b2bb3a to 738908a Compare April 17, 2026 09:56
@konsisumer

konsisumer commented Apr 17, 2026

Copy link
Copy Markdown
Contributor Author

Bumping: linked issue #7893 received two fresh reports in the past few hours (evandrojr on gemma-4-31b-it and tbard1 on gemini-2.5-flash) hitting the exact BadRequestError [HTTP 400]: Multiple authentication credentials received this PR targets. The fix here (clear api_key and inject x-goog-api-key for generativelanguage.googleapis.com) resolves it; CI is green.

(Note: a separate class of reports in the same thread mentions Vertex-issued AQ* keys being rejected by the Google AI Studio endpoint — that's an upstream/endpoint-compat issue and out of scope for this PR.)

@teknium1 teknium1 mentioned this pull request Apr 18, 2026
Merged
@teknium1

teknium1 commented Apr 18, 2026

Copy link
Copy Markdown
Contributor

Closing in favor of #11961 (merged), which uses the same x-goog-api-key approach. Thanks for the fix — we went with #8530's version because it covered all three auxiliary_client.py paths (_resolve_api_key_provider pool + non-pool, plus resolve_provider_client); this PR patched only _wrap_if_needed, leaving the env-driven fallback paths still emitting Bearer. Appreciate the effort.

#11961

@teknium1 teknium1 closed this Apr 18, 2026
@teknium1 teknium1 mentioned this pull request Apr 18, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug]: HTTP 400 "Multiple authentication credentials received" when using native gemini provider

2 participants

@konsisumer @teknium1