Skip to content

fix: reuse google auth per provider instance#14102

Open
heiwen wants to merge 1 commit intovercel:mainfrom
heiwen:reuse-google-auth-per-provider-instance
Open

fix: reuse google auth per provider instance#14102
heiwen wants to merge 1 commit intovercel:mainfrom
heiwen:reuse-google-auth-per-provider-instance

Conversation

@heiwen
Copy link
Copy Markdown
Contributor

@heiwen heiwen commented Apr 3, 2026

Background

@ai-sdk/google-vertex used a module-level GoogleAuth cache in the shared Node auth helper. That cache was invalidated by object reference equality, which caused unnecessary GoogleAuth recreation in two cases:

  1. Multiple provider instances with equivalent googleAuthOptions would recreate auth when requests alternated between them.
  2. When googleAuthOptions was omitted, generateAuthToken(options || {}) created a new empty object on every call, so auth could be recreated on every request even for a single provider.

Because GoogleAuth caches the resolved auth client on the instance, recreating it discards warm auth state and can add avoidable auth overhead.

Summary

This PR removes the module-level GoogleAuth singleton from @ai-sdk/google-vertex's shared Node auth helper and replaces it with a per-provider auth token generator.

Changes included:

  • Replaced the shared generateAuthToken(options) helper with createAuthTokenGenerator(options), which creates one GoogleAuth instance and returns a reusable token generator closure.
  • Updated the Node provider entry points for:
    • @ai-sdk/google-vertex
    • @ai-sdk/google-vertex/anthropic
    • @ai-sdk/google-vertex/maas
  • Added regression tests covering:
    • repeated calls with omitted googleAuthOptions
    • repeated calls on a single provider instance
    • per-provider generator creation for the Node provider variants
  • Added a patch changeset for @ai-sdk/google-vertex

Manual Verification

I manually verified the change by inspecting the Node auth flow and confirming the auth generator is now created once during provider construction rather than on each request path.

Concretely:

  • confirmed each Node provider now creates createAuthTokenGenerator(options.googleAuthOptions) once at provider initialization
  • confirmed request-time header/fetch code now calls the returned generator with no options, so the undefined -> {} invalidation path is gone
  • confirmed the shared helper no longer stores module-level auth state

I also verified behavior through automated coverage:

  • pnpm --filter @ai-sdk/google-vertex test:node
  • pnpm type-check:full

Checklist

  • Tests have been added / updated (for bug fixes / features)
  • Documentation has been added / updated (for bug fixes / features)
  • A patch changeset for relevant packages has been added (for bug fixes / features - run pnpm changeset in the project root)
  • I have reviewed this pull request (self-review)

Future Work

A follow-up PR could evaluate whether the Edge auth path should also cache tokens or auth state more aggressively, since it uses a different implementation and is not addressed here.

Related Issues

Fixes #14101

@tigent tigent bot added ai/provider related to a provider package. Must be assigned together with at least one `provider/*` label bug Something isn't working as documented provider/google-vertex Issues related to the @ai-sdk/google-vertex provider labels Apr 3, 2026
@heiwen heiwen mentioned this pull request Apr 3, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

ai/provider related to a provider package. Must be assigned together with at least one `provider/*` label bug Something isn't working as documented provider/google-vertex Issues related to the @ai-sdk/google-vertex provider

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

@ai-sdk/google-vertex Node auth helper recreates GoogleAuth too often due to reference-based cache invalidation

1 participant

@heiwen