fix: API key input dialog user interaction when selected Gemini API Key (#21057)

Signed-off-by: Kartik Angiras <angiraskartik@gmail.com>

packages/cli/src/ui/auth/AuthDialog.test.tsx

@@ -254,7 +254,7 @@ describe('AuthDialog', () => {
       unmount();
     });
 
-    it('skips API key dialog on initial setup if env var is present', async () => {
+    it('always shows API key dialog even when env var is present', async () => {
       mockedValidateAuthMethod.mockReturnValue(null);
       vi.stubEnv('GEMINI_API_KEY', 'test-key-from-env');
       // props.settings.merged.security.auth.selectedType is undefined here, simulating initial setup
@@ -265,12 +265,12 @@ describe('AuthDialog', () => {
       await handleAuthSelect(AuthType.USE_GEMINI);
 
       expect(props.setAuthState).toHaveBeenCalledWith(
-        AuthState.Unauthenticated,
+        AuthState.AwaitingApiKeyInput,
       );
       unmount();
     });
 
-    it('skips API key dialog if env var is present but empty', async () => {
+    it('always shows API key dialog even when env var is empty string', async () => {
       mockedValidateAuthMethod.mockReturnValue(null);
       vi.stubEnv('GEMINI_API_KEY', ''); // Empty string
       // props.settings.merged.security.auth.selectedType is undefined here
@@ -281,7 +281,7 @@ describe('AuthDialog', () => {
       await handleAuthSelect(AuthType.USE_GEMINI);
 
       expect(props.setAuthState).toHaveBeenCalledWith(
-        AuthState.Unauthenticated,
+        AuthState.AwaitingApiKeyInput,
       );
       unmount();
     });
@@ -302,10 +302,10 @@ describe('AuthDialog', () => {
       unmount();
     });
 
-    it('skips API key dialog on re-auth if env var is present (cannot edit)', async () => {
+    it('always shows API key dialog on re-auth even if env var is present', async () => {
       mockedValidateAuthMethod.mockReturnValue(null);
       vi.stubEnv('GEMINI_API_KEY', 'test-key-from-env');
-      // Simulate that the user has already authenticated once
+      // Simulate switching from a different auth method (e.g., Google Login → API key)
       props.settings.merged.security.auth.selectedType =
         AuthType.LOGIN_WITH_GOOGLE;
 
@@ -315,7 +315,7 @@ describe('AuthDialog', () => {
       await handleAuthSelect(AuthType.USE_GEMINI);
 
       expect(props.setAuthState).toHaveBeenCalledWith(
-        AuthState.Unauthenticated,
+        AuthState.AwaitingApiKeyInput,
       );
       unmount();
     });

packages/cli/src/ui/auth/AuthDialog.tsx

@@ -137,13 +137,11 @@ export function AuthDialog({
         }
 
         if (authType === AuthType.USE_GEMINI) {
-          if (process.env['GEMINI_API_KEY'] !== undefined) {
+          // Always show the API key input dialog so the user can
-            setAuthState(AuthState.Unauthenticated);
+          // explicitly enter or confirm their key, regardless of
-            return;
+          // whether GEMINI_API_KEY env var or a stored key exists.
-          } else {
+          setAuthState(AuthState.AwaitingApiKeyInput);
-            setAuthState(AuthState.AwaitingApiKeyInput);
+          return;
-            return;
-          }
         }
       }
       setAuthState(AuthState.Unauthenticated);