Issue Station
Sign In
Tools hereToolbox

gemini-cli - ✅(Solved) Fix On Linux, gemini-cli launches the wrong browser when selecting authentication through Google [1 pull requests, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
google-gemini/gemini-cli#25271Fetched 2026-04-14 05:56:19
View on GitHub
Comments
0
Participants
1
Timeline
4
Reactions
0
Author
guss77guss77
Participants
guss77guss77
Timeline (top)
labeled ×3cross-referenced ×1

Fix Action

Fixed

PR fix notes

PR #25274: replace NPM open package with the internal openBrowserSecurely function

Description (problem / solution / changelog)

Summary

The 'open' package from NPM bunldes its own (often out of date) version of xdg-open, and uses it on Linux when there is a perfectly working system xdg-open. The bundled xdg-open often ignores the user's configured default browser and can cause weird behaviors.

Details

The project has its own openBrowserSecurely() function that is used everywhere except for the OAuth2 authentication flow, and ther's no reason it can't be used there as well, so this patch removes the 'open' use in oauth2.ts and replaces it with the internal feature.

Related Issues

Fixes #25271

How to Validate

To validate, set up a custom browser configuration (I use a custom application launcher that launches google-chrome with a non-default user-dir: --user-data-dir=.config/some-other-chrome-config). Run the gemini CLI and try to "Authenticate with a Google account" - it should launch the custom browser.

Pre-Merge Checklist

<!-- Check all that apply before requesting review or merging. -->
  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

Changed files

  • packages/core/src/code_assist/oauth2.test.ts (modified, +56/-41)
  • packages/core/src/code_assist/oauth2.ts (modified, +63/-75)

Code Example

$ head ~/.npm-packages/lib/node_modules/\@google/gemini-cli/package.json 
{
  "name": "@google/gemini-cli",
  "version": "0.37.1",
  "description": "Gemini CLI",
  "license": "Apache-2.0",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/google-gemini/gemini-cli.git"
  },
  "type": "module",
RAW_BUFFERClick to expand / collapse

What happened?

When launching gemini-cli and asking it to authenticate using Google, it launches a browser to complete the authentication process. I have multiple browsers installed, and for some reason it doesn't just use xdg-open and instead somehow launchers Falkon instead of the default browser configured, which is a Google Chrome variant.

What did you expect to happen?

It should open Google Chrome - either the default configuration, or the custom .desktop file that is actually set as the default browser in xdg-settings.

Client information

I cannot complete the login to Gemini-cli, so I cannot run the process described in the template.

I can share this command and the result of it on, when run on my system:

$ head ~/.npm-packages/lib/node_modules/\@google/gemini-cli/package.json 
{
  "name": "@google/gemini-cli",
  "version": "0.37.1",
  "description": "Gemini CLI",
  "license": "Apache-2.0",
  "repository": {
    "type": "git",
    "url": "git+https://github.com/google-gemini/gemini-cli.git"
  },
  "type": "module",

Login information

Google account

Anything else we need to know?

Running claude-code to analyze the issue, it came up with this explanation:

● Here's the finding:

The issue is in packages/core/src/code_assist/oauth2.ts:304. It uses the third-party open npm package to launch the browser, while the other two auth flows (MCP OAuth at oauth-provider.ts:465 and A2A OAuth at oauth2-provider.ts:268) correctly use the project's own openBrowserSecurely() from secure-browser-launcher.ts.

Why the wrong browser launches: The open package (v10.1.2) ships a bundled copy of xdg-open (a ~1260-line shell script) and prefers it over the system's xdg-open. This bundled script does its own desktop environment detection and browser resolution, which can differ from the system's actual default browser configuration. It falls back to a hardcoded list (x-www-browser, firefox, iceweasel, seamonkey, mozilla, epiphany, konqueror, chromium, chromium-browser, google-chrome) rather than respecting xdg-settings get default-web-browser.

The project's own openBrowserSecurely() in secure-browser-launcher.ts correctly calls the system xdg-open via execFile, which properly delegates to the user's configured default browser.

The fix is to replace the open package call in oauth2.ts with openBrowserSecurely(), consistent with the other two auth flows

extent analysis

TL;DR

The issue can be fixed by replacing the open package call in oauth2.ts with openBrowserSecurely() to respect the system's default browser configuration.

Guidance

  • The open package (v10.1.2) is using a bundled copy of xdg-open which is not respecting the system's default browser configuration.
  • To fix this, the open package call in oauth2.ts should be replaced with openBrowserSecurely() from secure-browser-launcher.ts, which correctly calls the system xdg-open via execFile.
  • This change will ensure that the default browser configured in xdg-settings is used for authentication.
  • The other two auth flows (MCP OAuth and A2A OAuth) are already using openBrowserSecurely() correctly.

Example

// Replace this line in oauth2.ts:
open(authUrl, { wait: true });

// With this:
openBrowserSecurely(authUrl);

Notes

This fix assumes that the openBrowserSecurely() function is correctly implemented in secure-browser-launcher.ts and that it properly handles the system's default browser configuration.

Recommendation

Apply workaround: Replace the open package call with openBrowserSecurely() to ensure that the system's default browser is used for authentication. This change is consistent with the other two auth flows and respects the user's configured default browser.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#api#installation#tensor shape#autograd error#model save/load

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING