Environment
Repro
$ aware connect trimble-connect --device-code --json
{"phase":"result","status":"error","integration":"trimble-connect",
"error":"validation failed: integration trimble-connect does not support device-code flow (use --oauth instead)"} # ✅ clean, actionable
$ aware connect google-workspace --device-code --json
{"phase":"result","status":"error","integration":"google-workspace",
"error":"network error: device authorization request: https://oauth2.googleapis.com/device/code: status code 401"} # ❌ raw 401, no guidance
$ aware connect microsoft-365 --device-code # works end-to-end
Root cause
The bundled Google OAuth client is a Desktop/loopback client, not a "TV and Limited Input devices" client — Google's device-authorization flow requires the latter, so https://oauth2.googleapis.com/device/code returns 401. AWARE attempts the device flow regardless and surfaces the raw 401. For Trimble it instead pre-validates and returns a clear use --oauth instead.
Impact
A front-end that offers a single "Connect (device-code)" affordance (as the device-code NDJSON contract from #143 invites) gets a confusing network 401 for Google with zero guidance — versus the clean, actionable message Trimble gives. Inconsistent behavior across providers; a footgun for anyone building on --device-code.
Ask
Make Google consistent with Trimble — either:
- pre-validate that
google-workspace doesn't support device-code and emit does not support device-code flow (use --oauth instead), or
- ship a device-flow-capable Google client so
--device-code actually works.
--oauth (loopback) works today for both Google and Trimble with the bundled clients (verified — the flow starts and waits), so the cleanest fix is the pre-validation message pointing there.
Related
Environment
aware0.43.0 (npm), bundled first-party OAuth apps (Ship a registered OAuth app + bundled client IDs so aware connect --device-code/--oauth works for end users #141/feat(connect): ship registered M365 + Google OAuth apps (#141) #145).Repro
Root cause
The bundled Google OAuth client is a Desktop/loopback client, not a "TV and Limited Input devices" client — Google's device-authorization flow requires the latter, so
https://oauth2.googleapis.com/device/codereturns 401. AWARE attempts the device flow regardless and surfaces the raw 401. For Trimble it instead pre-validates and returns a clearuse --oauth instead.Impact
A front-end that offers a single "Connect (device-code)" affordance (as the device-code NDJSON contract from #143 invites) gets a confusing network 401 for Google with zero guidance — versus the clean, actionable message Trimble gives. Inconsistent behavior across providers; a footgun for anyone building on
--device-code.Ask
Make Google consistent with Trimble — either:
google-workspacedoesn't support device-code and emitdoes not support device-code flow (use --oauth instead), or--device-codeactually works.--oauth(loopback) works today for both Google and Trimble with the bundled clients (verified — the flow starts and waits), so the cleanest fix is the pre-validation message pointing there.Related