gemini-cli - 💡(How to fix) Fix 403 ValidationRequiredError: SMS verification code never delivered (international numbers)

Description

Gemini CLI OAuth authentication succeeds and tokens are cached, but every API call returns:

403 ValidationRequiredError: "Verify your account to continue."

The verification flow requires sending an outbound SMS with a code to a Google short code. The SMS is never delivered — tried from two different phone numbers in two different countries (Spain and Ukraine). This is not a 2FA issue — OAuth login completes fine. This is the Gemini API anti-abuse phone verification gate.

Expected behavior

Verification SMS should be delivered, or an alternative verification method (browser-based, Google Prompt, authenticator app) should be offered.

Actual behavior

SMS is never delivered to the destination. No alternative verification method is offered. The CLI enters an infinite verification loop — even after re-authenticating, the same 403 is returned.

Steps to reproduce

1. brew install gemini-cli (v0.41.2)
2. gemini → Login with Google → OAuth succeeds, tokens cached in ~/.gemini/oauth_creds.json
3. Send any prompt → 403 ValidationRequiredError with validationLink pointing to accounts.google.com/signin/continue
4. Follow the link → asked to scan QR code and send SMS code
5. SMS never arrives at destination

Error output

ValidationRequiredError: Verify your account to continue.
cause: { code: 403, message: 'Verify your account to continue.' }
validationLink: https://accounts.google.com/signin/continue?...&continue=https://developers.google.com/gemini-code-assist/auth/auth_success_gemini

Environment

• OS: macOS (Darwin 25.4.0, Apple Silicon)
• CLI version: gemini-cli 0.41.2 (Homebrew)
• Node: via Homebrew
• Account: Google AI Pro subscriber
• Phone numbers tried: Spain (+34), Ukraine (+380) — neither receives the verification SMS

Additional context

• OAuth tokens are valid and cached — the issue is specifically the post-auth API verification gate
• Google Cloud Console support ticket creation fails ("no permission") despite being a paying AI Pro subscriber
• Related issues: #19936 (stuck in verification loop), #22970 (abuse mitigation discussion)
• International users appear disproportionately affected — Google's SMS short codes are unreliable outside the US
• Suggested fix: offer Google Prompt, TOTP authenticator, or passkey as alternative verification methods instead of SMS-only