encounter/adk-python
0
0
Fork 0
mirror of https://github.com/encounter/adk-python.git synced 2026-03-30 10:57:20 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
710d9de01196fea72ec8a8dfce6e7f552bd01471
adk-python/tests
T
History
Google Team Member 33f7d118b3 feat(auth): Add native support for id_token in OAuth2 credentials 
## Problem
When performing authentication flows via `OAUTH2` or `OPEN_ID_CONNECT`, the native `OAuth2Token` response from identity providers, like Google OAuth, often includes an `id_token` alongside the `access_token` and `refresh_token`. [MCP Toolbox](https://googleapis.github.io/genai-toolbox/resources/authservices/google/) implements authentication through ID Tokens and [integrates with ADK](https://google.github.io/adk-docs/integrations/mcp-toolbox-for-databases/) to provide easy tools management for the end-users.

However, the ADK's `update_credential_with_tokens` utility explicitly drops the `id_token`, preventing agents and tools from verifying user identity or extracting OIDC claims securely. Furthermore, the `OAuth2Auth` model does not have a designated field for `id_token`.

## Solution
1. Added an `id_token: Optional[str] = None` field to the `OAuth2Auth` pydantic model in `auth_credential.py`.
2. Updated `update_credential_with_tokens` in `oauth2_credential_util.py` to correctly extract and map `tokens.get("id_token")` into the `OAuth2Auth` credential object.
3. Updated the relevant unit tests to ensure `id_token` is asserted and preserved during credential updates.

### Testing Plan

- I have added or updated unit tests for my change.
- All unit tests pass locally.

PiperOrigin-RevId: 871801313
2026-02-18 04:34:39 -08:00
..
integration
fix: propagate grounding and citation metadata in streaming responses
2026-02-10 14:36:21 -08:00
unittests
feat(auth): Add native support for id_token in OAuth2 credentials
2026-02-18 04:34:39 -08:00
__init__.py
chore: Upgrade to headers to 2026
2026-01-20 14:50:09 -08:00