Just started using the CI Suite recently. We have it trigger on PR requests, but it seems like sometimes the SQL Validator checks can fail with “Error: OAuth log in required.” When I open Looker and login and am able to run Explores just fine, re-running the CI run still has same error.

We are using a BigQuery Connection

In release 26.4, some changes were made to how CI suites are run. Namely, they are now run by dedicated service accounts that have been automatically created by Looker (you can find these in the group ‘Looker CI Users’), rather than whatever user account you previously designated for running CI suites. If you are using access grants or access filters in your model then you need to make sure that these new CI users have access by updating the associated user attribute.

I don’t know if this is what’s causing your problem, but it means our CI suites were not running correctly, as the service accounts did not have full access when running the SQL validator.

The error you’re seeing — “OAuth log in required” when running the CI Suite SQL Validator — is tied to how Looker changed CI suite execution in release 26.4.you can try Check the CI service accounts,In Looker’s admin panel, locate the group “Looker CI Users”.Confirm the service accounts exist and are active.If your model uses access grants or filters, ensure the CI service accounts have the correct user attributes assigned.Align them with the attributes your regular account uses to run queries successfully.Since you’re using BigQuery, confirm that the CI service accounts have proper OAuth credentials or service account key access to BigQuery.Re-authenticate if necessary.After updating permissions, rerun the CI suite.The SQL Validator should now execute without the OAuth error.grant the new Looker CI service accounts the same access as your normal user account, especially for user attributes tied to access filters. That should resolve the OAuth login requirement error.

CI Suite OAuth Error Fix - Admin Checklist body { font-family: Arial, sans-serif; margin: 20px; background: #f9f9f9; color: #333; } h1 { color: #0057b8; } .checklist { background: #fff; padding: 20px; border-radius: 8px; box-shadow: 0 2px 6px rgba(0,0,0,0.1); } .checklist h2 { margin-top: 0; } ul { list-style-type: none; padding: 0; } li { margin: 12px 0; padding: 10px; background: #eef6ff; border-left: 4px solid #0057b8; } .note { font-size: 0.9em; color: #666; margin-top: 20px; }

Admin Checklist: Fixing CI Suite OAuth Error

Ok I see 10 users in Looker CI Users group. If I were to add user attributes to these CI users, how do I know which of these users is used during a given CI run? How do I give BQ OAuth creds for a Looker CI user?

Looker seems to randomly select a CI user from the pool of 10 whenever you run a CI suite. See for yourself by updating the <your_looker_url> placeholder and running this query:

https://<your_looker_url>/explore/system__activity/user?fields=user.id,user.name,user.is_service_account,history.query_run_count_drill&f[user.is_disabled]=&f[group.name]=Looker+CI+Users&sorts=history.query_run_count_drill+desc+0&limit=500&column_limit=50&vis=%7B%7D&filter_config=%7B%22user.is_disabled%22%3A%5B%7B%22type%22%3A%22any%22%2C%22values%22%3A%5B%7B%22constant%22%3A%22%22%7D%2C%7B%7D%5D%2C%22id%22%3A6%7D%5D%2C%22group.name%22%3A%5B%7B%22type%22%3A%22%3D%22%2C%22values%22%3A%5B%7B%22constant%22%3A%22Looker+CI+Users%22%7D%2C%7B%7D%5D%2C%22id%22%3A7%7D%5D%7D&dynamic_fields=%5B%5D&origin=share-expanded

You don’t need to know which CI user is being used, just add the group ‘Looker CI Users’ in the ‘Group Values’ tab of the user attribute.

Ah right that works for user attributes.

Still unclear how to give a CI user creds to access BigQuery, though.