Summary

The google-gemini-cli provider fails to complete OAuth because it expects a client_secret, but the Gemini CLI uses a public OAuth client (no secret required).

Steps to Reproduce

1. Install Gemini CLI: npm install -g @google/gemini-cli
2. Authenticate Gemini CLI directly: gemini (works fine)
3. Try ClawdBot provider: clawdbot models auth login --provider google-gemini-cli

Error

Error: Token exchange failed: {
  "error": "invalid_request",
  "error_description": "client_secret is missing."
}

Expected Behavior

ClawdBot should use the same public OAuth flow that Gemini CLI uses (PKCE without client_secret).

Environment

• ClawdBot: 2026.1.24-3
• Gemini CLI: 0.26.0
• OS: Windows 11

Workaround

Using google/gemini-2.5-pro with API key authentication, but this doesn't leverage the Ultra subscription quota that Gemini CLI OAuth provides.

Suggestion

Either:

1. Support public OAuth clients (PKCE flow without client_secret)
2. Or allow reusing Gemini CLI's existing OAuth tokens from ~/.gemini/oauth_creds.json