From 65cb2639a7dfffba74423124dc58772d6f6ae6d2 Mon Sep 17 00:00:00 2001 From: Tim Date: Thu, 5 Mar 2026 12:23:30 -0600 Subject: [PATCH] fix: stop silently swallowing authentication errors When `auth::get_token()` fails, the error was silently caught and the request sent without any Authorization header, resulting in a confusing 401 "Access denied. No credentials provided" response from Google APIs. This affected users on macOS Apple Silicon and other platforms where credential decryption can fail due to keyring issues, encryption key mismatches, or corrupted credential files. Because the error was swallowed, users saw a generic 401 with no indication that the CLI failed to load their credentials. Now the CLI prints the actual error message and troubleshooting steps, then exits with code 1 instead of sending an unauthenticated request. Fixes #137, #151, #156 Co-Authored-By: Claude Opus 4.6 --- src/main.rs | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/main.rs b/src/main.rs index 4497731..35d3adc 100644 --- a/src/main.rs +++ b/src/main.rs @@ -235,10 +235,20 @@ async fn run() -> Result<(), GwsError> { // Get scopes from the method let scopes: Vec<&str> = method.scopes.iter().map(|s| s.as_str()).collect(); - // Authenticate: try OAuth, otherwise proceed unauthenticated + // Authenticate let (token, auth_method) = match auth::get_token(&scopes, account.as_deref()).await { Ok(t) => (Some(t), executor::AuthMethod::OAuth), - Err(_) => (None, executor::AuthMethod::None), + Err(e) => { + eprintln!("Authentication failed: {e:#}"); + eprintln!(); + eprintln!("Troubleshooting:"); + eprintln!(" 1. Run `gws auth login --account ` to re-authenticate"); + eprintln!(" 2. Run `gws auth status` to check credential state"); + eprintln!( + " 3. If the problem persists, run `gws auth logout` then `gws auth login`" + ); + std::process::exit(1); + } }; // Execute