forked from google/adk-python
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauthenticated_function_tool.py
More file actions
107 lines (94 loc) · 3.72 KB
/
authenticated_function_tool.py
File metadata and controls
107 lines (94 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import annotations
import inspect
import logging
from typing import Any
from typing import Callable
from typing import Dict
from typing import Optional
from typing import Union
from typing_extensions import override
from ..auth.auth_credential import AuthCredential
from ..auth.auth_tool import AuthConfig
from ..auth.credential_manager import CredentialManager
from ..utils.feature_decorator import experimental
from .function_tool import FunctionTool
from .tool_context import ToolContext
logger = logging.getLogger("google_adk." + __name__)
@experimental
class AuthenticatedFunctionTool(FunctionTool):
"""A FunctionTool that handles authentication before the actual tool logic
gets called. Functions can accept a special `credential` argument which is the
credential ready for use.(Experimental)
"""
def __init__(
self,
*,
func: Callable[..., Any],
auth_config: AuthConfig = None,
response_for_auth_required: Optional[Union[dict[str, Any], str]] = None,
):
"""Initializes the AuthenticatedFunctionTool.
Args:
func: The function to be called.
auth_config: The authentication configuration.
response_for_auth_required: The response to return when the tool is
requesting auth credential from the client. There could be two case,
the tool doesn't configure any credentials
(auth_config.raw_auth_credential is missing) or the credentials
configured is not enough to authenticate the tool (e.g. an OAuth
client id and client secret are configured) and needs client input
(e.g. client need to involve the end user in an oauth flow and get
back the oauth response.)
"""
super().__init__(func=func)
self._ignore_params.append("credential")
if auth_config and auth_config.auth_scheme:
self._credentials_manager = CredentialManager(auth_config=auth_config)
else:
logger.warning(
"auth_config or auth_config.auth_scheme is missing. Will skip"
" authentication.Using FunctionTool instead if authentication is not"
" required."
)
self._credentials_manager = None
self._response_for_auth_required = response_for_auth_required
@override
async def run_async(
self, *, args: dict[str, Any], tool_context: ToolContext
) -> Any:
credential = None
if self._credentials_manager:
credential = await self._credentials_manager.get_auth_credential(
tool_context
)
if not credential:
await self._credentials_manager.request_credential(tool_context)
return self._response_for_auth_required or "Pending User Authorization."
return await self._run_async_impl(
args=args, tool_context=tool_context, credential=credential
)
async def _run_async_impl(
self,
*,
args: dict[str, Any],
tool_context: ToolContext,
credential: AuthCredential,
) -> Any:
args_to_call = args.copy()
signature = inspect.signature(self.func)
if "credential" in signature.parameters:
args_to_call["credential"] = credential
return await super().run_async(args=args_to_call, tool_context=tool_context)