fix(auth): use backend project ID for free tier Gemini CLI OAuth users

[umairimtiaz9]

Problem

Google's Gemini API uses a frontend/backend project mapping system for free tier users:

• Frontend projects (e.g., gen-lang-client-*) are user-visible
• Backend projects (e.g., mystical-victor-*) host actual API access
• Only backend projects have access to preview models (gemini-3-*)

Previously, CLIProxyAPI ignored the backend project ID returned by Google's onboarding API and kept using the frontend ID, preventing access to preview models.

Solution

CLI (internal/cmd/login.go)

• Detect free tier users (gen-lang-client-* projects or FREE/LEGACY tier)
• Show interactive prompt allowing users to choose frontend or backend
• Default to backend (recommended for preview model access)
• Pro users: maintain original behavior (keep frontend ID)

Web UI (internal/api/handlers/management/auth_files.go)

• Detect free tier users using same logic
• Automatically use backend project ID (recommended choice)
• Pro users: maintain original behavior (keep frontend ID)

Deduplication (internal/cmd/login.go)

• Add deduplication when user selects ALL projects
• Prevents redundant API calls when multiple frontend projects map to same backend
• Skips duplicate project IDs in activation loop

Impact

• ✅ Free tier users: Can now access gemini-3-pro-preview and gemini-3-flash-preview models
• ✅ Pro users: No change in behavior (backward compatible)
• ✅ Only affects Gemini CLI OAuth (not antigravity or API key auth)

Testing

• Tested with free tier account selecting single project
• Tested with free tier account selecting ALL projects
• Verified deduplication prevents redundant onboarding calls
• Confirmed pro user behavior unchanged

Files Changed

• internal/cmd/login.go: +44 lines (interactive prompt + deduplication)
• internal/api/handlers/management/auth_files.go: +15 lines (auto-backend for free users)

[gemini-code-assist]

Summary of Changes

Hello @umairimtiaz9, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves an issue preventing free tier Gemini CLI users from accessing preview models by ensuring the correct backend project ID is used during authentication. It introduces logic to detect free tier users and either prompts them (for CLI) or automatically selects (for Web UI) the backend project ID, which is essential for preview model access. Additionally, a deduplication step is added to optimize project activation.

Highlights

• Free Tier Preview Model Access: Free tier Gemini CLI users can now access gemini-3-pro-preview and gemini-3-flash-preview models by correctly utilizing backend project IDs.
• CLI User Experience: Introduces an interactive prompt for free tier CLI users during login, allowing them to choose between frontend and backend project IDs, with the backend recommended for preview model access.
• Web UI Automation: For free tier users interacting via the Web UI, the system will now automatically use the backend project ID to ensure access to preview models.
• Project Deduplication: Implements a deduplication mechanism during project activation to prevent redundant API calls when multiple frontend projects map to the same backend project.
• Pro User Compatibility: Ensures that the changes are backward compatible and do not alter the behavior for pro users.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue for free-tier Gemini users by ensuring the backend project ID is used, which enables access to preview models. The changes are well-contained, with separate logic for the CLI (interactive prompt) and the Web UI (automatic selection). The addition of project ID deduplication is also a good improvement.

My review includes a critical fix for error handling in the new interactive prompt, and a couple of suggestions to improve maintainability by reducing code duplication and refactoring the newly added UI logic into a separate function. Overall, this is a solid contribution that improves the user experience for a specific user group while maintaining backward compatibility.

[gemini-code-assist]

The error returned by reader.ReadString('\n') is ignored. If an I/O error occurs (e.g., os.Stdin is closed or redirected from an empty file), choice will be empty, and the code will silently default to using the recommended backend project ID. While this fallback is reasonable, ignoring errors is poor practice as it can hide underlying issues. The error should be checked and handled, for instance by logging a warning before proceeding with the default. It's also good practice to handle io.EOF gracefully, which can occur if the user signals end-of-input.

                                                choice, err := reader.ReadString('\n')
                                                if err != nil && err != io.EOF {
                                                        log.Warnf("Failed to read user input, defaulting to backend project ID: %v", err)
                                                }
                                                choice = strings.TrimSpace(choice)

[gemini-code-assist]

The logic to determine if a user is on a free tier is duplicated here and also in internal/api/handlers/management/auth_files.go (lines 2106-2108). To improve maintainability and adhere to the DRY (Don't Repeat Yourself) principle, this logic should be extracted into a shared helper function.

For example, you could create a function in a shared package like internal/auth/gemini:

// IsFreeTierUser checks if the user is on a free tier based on project and tier IDs.
func IsFreeTierUser(projectID, tierID string) bool {
    return strings.HasPrefix(projectID, "gen-lang-client-") ||
        strings.EqualFold(tierID, "FREE") ||
        strings.EqualFold(tierID, "LEGACY")
}

This would make the code cleaner and easier to update in the future.

[gemini-code-assist]

The performGeminiCLISetup function has expanded to include the interactive user prompt for project ID selection. To improve readability and separation of concerns, consider extracting this UI-related logic into a new, dedicated function. For example, a function like promptForProjectIDChoice(projectID, responseProjectID string) string could encapsulate the interaction and return the selected project ID. This would make performGeminiCLISetup more focused on the core onboarding flow and easier to test and maintain.

[tiltroom]

On the main branch gemini-cli oauth seems to be broken. I can login with my account in gemini-cli (pro user) but CLIPRoxyAPI auth fails with a project related error stating onboarding failed as it is unable to identify a project id.

Does this pr address this isssue in any way? I might merge it locally

[umairimtiaz9]

yeah that might be due to google changing something on their end, this PR only provides better UX specifcally for free users. also I'll try to submit a PR for automatically creating a project and getting its projectid if no project is available.