auth login reports success but subsequent commands fail with 'No credentials provided' / credentials decrypt error #27
Description
Summary
After successful gws auth login (with status: success and credentials saved), subsequent API commands fail with:
{
"code": 401,
"message": "Access denied. No credentials provided. Run `gws auth login` or set GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE to an OAuth credentials JSON file.",
"reason": "authError"
}gws auth status then shows:
encrypted_credentials_exists: trueencryption_valid: falseencryption_error: "Could not decrypt. May have been created on a different machine."
This occurred on the same machine/session immediately after successful login.
Repro
- Configure client_secret.json
- Run:
gws auth logout gws auth login - Complete OAuth browser flow; CLI returns success JSON.
- Run:
gws gmail users messages list --params '{"userId":"me","maxResults":1}'
Actual
auth loginclaims success.- next command cannot use credentials (
No credentials provided). - status reports encrypted creds cannot be decrypted.
Expected
- successful login should produce usable credentials for subsequent commands.
Notes
This looks like a storage/keyring mismatch in encrypted credential handling (or fallback key handling), not an OAuth consent failure.