Visible API-Key in login dialog window URL

[ayaxan7]

Pre-submit Checks

• I have searched Warp bugs and there are no duplicates
• I have searched Warp known issues page and my issue is not there
• I have included the logs (optional, but helps expedite the bug fix). Log gathering intructions

Describe the bug

While attempting to log in via the "Continue with GitHub" and "Continue with Google" button, I found that an API key (possibly related to GCP auth services) was exposed in the url. This could pose a security risk and should be reviewed to prevent unauthorized access.

Please review and remove the exposed key to avoid any potential misuse.

To reproduce

1. Go to "https://app.warp.dev/login/remote"
2. Click on "Continue with Github" or "Continue with Google"
3. You can see the API key in the url of the login dialog window for a second

Expected behavior

No response

Screenshots, videos, and logs

Screencast.from.2025-05-14.14-45-10.webm

Operating system (OS)

Linux

Operating system and version

Ubuntu 24.04.2

Shell Version

No response

Current Warp version

No response

Regression

Yes, this bug started recently or with an X Warp version

Recent working Warp date

No response

Additional context

No response

Does this block you from using Warp daily?

No

Is this an issue only in Warp?

Yes, I confirmed that this only happens in Warp, not other terminals.

Warp Internal (ignore): linear-label:b9d78064-c89e-4973-b153-5178a31ee54e

None

[dannyneira]

Thanks for your headsup @ayaxan7 We're aware of this and monitoring the situation. Closing as it's not a bug.

[bnavetta]

Hey! The key in that URL is a Firebase API key. These API keys aren't sensitive - they're more like the public client IDs that other services use for routing requests. Since they're used as identifiers, the Firebase API typically includes them as query params rather than (e.g.) Authorization HTTP headers.