[BUG] Vertex AI with Gemini 2.5 Flash: "Could not refresh access token" error despite successful API calls via gcloud

[sts1992]

Problem (one or two sentences)

RooCode fails with "Could not refresh access token" error when using Gemini 2.5 Flash via Vertex AI, while direct API calls from PowerShell using the same credentials succeed.

Context (who is affected and when)

This affects users on Windows trying to use Gemini models through Vertex AI. The issue occurs with both ADC (Application Default Credentials) and service account key authentication methods.

Reproduction steps

1. Install Google Cloud SDK and set up ADC

   gcloud auth application-default login

2. Verify required permissions and APIs are enabled

   • IAM permissions: Owner role (or minimum Vertex AI User)
   • Vertex AI API is enabled
   • Billing account is active

3. Test direct API call via PowerShell (confirm it succeeds)

   $token = gcloud auth application-default print-access-token
   $headers = @{
       "Authorization" = "Bearer $token"
       "Content-Type" = "application/json"
   }
   $body = @{
       contents = @{
           role = "user"
           parts = @{ text = "Hello" }
       }
   } | ConvertTo-Json -Depth 10
   
   Invoke-RestMethod -Method Post -Uri "https://us-central1-aiplatform.googleapis.com/v1/projects/${project-id}/locations/us-central1/publishers/google/models/gemini-2.5-flash:generateContent" -Headers $headers -Body $body

4. Configure RooCode with the following settings

   • API Provider: GCP Vertex AI
   • Google Cloud Credentials: Empty
   • Google Cloud Key File Path: Empty
   • Google Cloud Project ID: ${project-id}
   • Google Cloud Region: us-central1
   • Model: gemini-2.5-flash

5. Send a simple prompt in RooCode (e.g., "Hello")

Expected result

Since PowerShell API calls succeed, RooCode should successfully connect to Gemini 2.5 Flash via Vertex AI and return a response.

Actual result

Error message is displayed and API request fails: API Request Failed Gemini generate context stream error: Could not refresh access token:

Variations tried (optional)

Tried all of the following variations, all resulted in the same error:

Authentication methods:

• Application Default Credentials (ADC)
• Direct paste of service account key JSON
• Service account key file path specification

Configuration changes:

• Region change: asia-northeast1 → us-central1
• Created new service account
• Regenerated ADC tokens (revoke → re-login)

Environment:

• Complete VS Code restart
• PC reboot

Workaround that works:

• Using Google Gemini API (direct API, not via Vertex AI)

### App Version*

v3.29.3

### API Provider (optional)

GCP Vertex AI

### Model Used (optional)

gemini-2.5-flash

### App Version

v3.29.3

### API Provider (optional)

Google Vertex AI

### Model Used (optional)

gemini-2.5-flash

### Roo Code Task Links (optional)

_No response_

### Relevant logs or errors (optional)

```shell

[roomote]

I'm exploring a potential fix for the Vertex AI authentication issue with Gemini 2.5 Flash. I'll investigate why the token refresh is failing despite successful direct API calls and will open a PR to share progress.

[roomote]

I've opened PR #8944 with a fix for the Vertex AI authentication issue on Windows.

The solution includes:

• Automatic detection and use of ADC file location on Windows
• Fallback mechanism to refresh tokens using gcloud CLI when authentication fails
• Improved error handling and logging for debugging

The implementation has been tested and reviewed with high confidence. CI checks are currently running. Feedback welcome!

[daniel-lxs]

Thanks for reporting this. We weren’t able to reproduce the behavior described on the current build, and no related logs or consistent repro steps have been provided. Since the issue can’t be confirmed at this point, we’ll close it for now.

If you’re still seeing the problem, please reopen the issue with exact reproduction steps, environment details, and any relevant logs so we can investigate further.