Skip to content

feat: add token_endpoint_auth_method support to OAuth2 credentials #2870

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat: add token_endpoint_auth_method support to OAuth2 credentials #2870

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
089078e
feat: add token_endpoint_auth_method support to OAuth2 credentials
sully90 Sep 7, 2025
d7ae773
feat: use Literal type for token_endpoint_auth_method
sully90 Sep 7, 2025
ce7129d
Update tests/unittests/auth/test_oauth2_credential_util.py
sully90 Sep 7, 2025
c0e99c6
refactor: eliminate code duplication in OAuth2 credential tests
sully90 Sep 7, 2025
4c2ff81
run pyink and isort
sully90 Sep 15, 2025
ff65cbb
Merge branch 'main' into feat/oauth2-token-endpoint-auth-method
sully90 Sep 22, 2025
3a0d858
Merge branch 'feat/oauth2-token-endpoint-auth-method' of github.com:s…
sully90 Sep 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/google/adk/auth/auth_credential.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ class OAuth2Auth(BaseModelWithConfig):
expires_at: Optional[int] = None
expires_in: Optional[int] = None
audience: Optional[str] = None
token_endpoint_auth_method: Optional[str] = "client_secret_basic"


class ServiceAccountCredential(BaseModelWithConfig):
Expand Down
1 change: 1 addition & 0 deletions src/google/adk/auth/oauth2_credential_util.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ def create_oauth2_session(
scope=" ".join(scopes),
redirect_uri=auth_credential.oauth2.redirect_uri,
state=auth_credential.oauth2.state,
token_endpoint_auth_method=auth_credential.oauth2.token_endpoint_auth_method,
),
token_endpoint,
)
Expand Down
87 changes: 87 additions & 0 deletions tests/unittests/auth/test_oauth2_credential_util.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,93 @@ def test_create_oauth2_session_missing_credentials(self):
assert client is None
assert token_endpoint is None

def test_create_oauth2_session_with_token_endpoint_auth_method(self):
"""Test create_oauth2_session with token_endpoint_auth_method specified."""
scheme = OpenIdConnectWithConfig(
type_="openIdConnect",
openId_connect_url=(
"https://example.com/.well-known/openid_configuration"
),
authorization_endpoint="https://example.com/auth",
token_endpoint="https://example.com/token",
scopes=["openid", "profile"],
)
credential = AuthCredential(
auth_type=AuthCredentialTypes.OPEN_ID_CONNECT,
oauth2=OAuth2Auth(
client_id="test_client_id",
client_secret="test_client_secret",
redirect_uri="https://example.com/callback",
state="test_state",
token_endpoint_auth_method="client_secret_post",
),
)

client, token_endpoint = create_oauth2_session(scheme, credential)

assert client is not None
assert token_endpoint == "https://example.com/token"
assert client.client_id == "test_client_id"
assert client.client_secret == "test_client_secret"
assert client.token_endpoint_auth_method == "client_secret_post"

def test_create_oauth2_session_with_default_token_endpoint_auth_method(self):
"""Test create_oauth2_session with default token_endpoint_auth_method (None)."""
scheme = OpenIdConnectWithConfig(
type_="openIdConnect",
openId_connect_url=(
"https://example.com/.well-known/openid_configuration"
),
authorization_endpoint="https://example.com/auth",
token_endpoint="https://example.com/token",
scopes=["openid", "profile"],
)
credential = AuthCredential(
auth_type=AuthCredentialTypes.OPEN_ID_CONNECT,
oauth2=OAuth2Auth(
client_id="test_client_id",
client_secret="test_client_secret",
redirect_uri="https://example.com/callback",
state="test_state",
),
)

client, token_endpoint = create_oauth2_session(scheme, credential)

assert client is not None
assert token_endpoint == "https://example.com/token"
assert client.client_id == "test_client_id"
assert client.client_secret == "test_client_secret"
assert client.token_endpoint_auth_method == "client_secret_basic"

def test_create_oauth2_session_oauth2_scheme_with_token_endpoint_auth_method(
self,
):
"""Test create_oauth2_session with OAuth2 scheme and token_endpoint_auth_method."""
flows = OAuthFlows(
authorizationCode=OAuthFlowAuthorizationCode(
authorizationUrl="https://example.com/auth",
tokenUrl="https://example.com/token",
scopes={"read": "Read access", "write": "Write access"},
)
)
scheme = OAuth2(type_="oauth2", flows=flows)
credential = AuthCredential(
auth_type=AuthCredentialTypes.OAUTH2,
oauth2=OAuth2Auth(
client_id="test_client_id",
client_secret="test_client_secret",
redirect_uri="https://example.com/callback",
token_endpoint_auth_method="client_secret_jwt",
),
)

client, token_endpoint = create_oauth2_session(scheme, credential)

assert client is not None
assert token_endpoint == "https://example.com/token"
assert client.token_endpoint_auth_method == "client_secret_jwt"

def test_update_credential_with_tokens(self):
"""Test update_credential_with_tokens function."""
credential = AuthCredential(
Expand Down