Vertex AI OAuth tokens sent as query parameters instead of Authorization header

[RAKESHRANA45]

Problem

When using Google Vertex AI models through the gateway, OAuth2 access tokens (starting with ya29.) are being sent as query parameters (?key=ya29...) instead of in the Authorization: Bearer header. Vertex AI requires OAuth tokens in the Authorization header and returns a 401 error when tokens are sent as query parameters.

Error

401 Unauthorized: API keys are not supported by this API. Expected OAuth2 access token or other authentication credentials that assert a principal.

Expected Behavior

OAuth tokens should be sent in the Authorization: Bearer header, not as query parameters.

Current Code Issues

1. packages/models/src/get-provider-endpoint.ts (line ~87):

   • Base URL is hardcoded to https://aiplatform.googleapis.com instead of region-specific
   • OAuth tokens are added to query params (line ~237)

2. packages/models/src/get-provider-headers.ts (line ~18):

   • google-vertex case returns empty headers {}
   • Should return Authorization: Bearer header for OAuth tokens

Environment

• Project ID: ``
• Region: us-central1
• Token format: ya29.c.c0AYnqX... (OAuth2 access token)

Workaround

Currently calling Vertex AI directly bypassing the gateway, but would prefer to use the gateway for consistency.

Suggested Fix

• Detect OAuth tokens (starting with ya29. or 1//)
• Send OAuth tokens in Authorization: Bearer header
• Use region-specific base URL: https://${region}-aiplatform.googleapis.com
• Only send API keys (not OAuth tokens) as query parameters

[steebchen]

right now we only support api tokens. we are happy to merge a PR for oauth support

[RAKESHRANA45]

Thanks for the response.

Issue:
Vertex AI only accepts OAuth2 tokens (e.g., ya29.c.c0AYnqX...) in the Authorization: Bearer header.
It does not accept API keys, so the current query-parameter approach returns 401.
We need Vertex AI models through the gateway.

What is the expected timeline for this feature? We’re currently using a workaround (calling Vertex AI directly), but would prefer to use the gateway for consistency.
Thank you for considering this.

[steebchen]

if you are a paid customer we can prioritize this feature, if you are on self hosted there are no guarantees or timelines on feature requests. if you send a PR we will be happy to merge it