Update ADK doc according to issue #1650 - 3

[adk-bot]

3. Mention GcpAuthProviderScheme in custom authentication docs

Doc file: docs/tools-custom/authentication.md

Current state:

The "Supported initial credential types" section lists API_KEY, HTTP, OAUTH2, OPEN_ID_CONNECT, and SERVICE_ACCOUNT, but does not mention the GCP Agent Identity provider.

Proposed Change:

Add a mention of the GCP Agent Identity integration (GcpAuthProviderScheme) in the "Supported initial credential types" section or under a new section about Managed Authentication Services. Provide a link to the new integrations/agent-identity.md page. Mention that this provider automatically handles 2-legged and 3-legged OAuth flows using Google Cloud's IAM Connector Credentials service.

Reasoning:
The GcpAuthProviderScheme is a new, first-class custom auth scheme that provides managed credential flows. It should be mentioned in the primary authentication guide so developers know they don't have to build auth polling or consent completion entirely from scratch if using GCP.

Reference: src/google/adk/integrations/agent_identity/gcp_auth_provider.py

[netlify]

✅ Deploy Preview for adk-docs-preview ready!

Name	Link
🔨 Latest commit	c6e555d
🔍 Latest deploy log	https://app.netlify.com/projects/adk-docs-preview/deploys/69e27d5e3224ab0008c1eeb8
😎 Deploy Preview	https://deploy-preview-1655--adk-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[zyantw]

My analysis @joefernandez

• I'm concerned that this can be too vague for a developer or a real use. I would specify location, add a code snippet as an example, how many credentials are there?
• There is no more context about what a 2 or 3 legged OAuth is, even for developers or experts it should be very easy to use these docs.
• There should be a section of when to use it and when not to use this. Also as a user/reader I don't know if there are any prerequisites.
• In terms of structure in the authentication docs, It makes sense to add a section for GcpAuthProviderScheme in the supported credential types from the original documentation. or I would add a new subsection called Custom Authentication Types and provide further context.
• At the end I would also cross-link it with the main authentication articles or anything else related to GCP.

My solution:

Custom Authentication Types

Supported authentication types

• API Key
• Oauth2 client credentials

GcpAuthProviderScheme automatically handles 2-legged (direct server-to-server) and 3-legged (User → Authorizes App → App → Requests Token with User's Proof → Server → Provides Token.) OAuth flows via Google Cloud's IAM Connector Credentials service.

When to use: Running on GCP (Cloud Run, GKE, Compute Engine)
When NOT to use: Local dev or non GCP Infrastructure

Code example with snippet

reviewed code snippet

Links to other articles

For more authentication details for other pre-built tools and integrations see the ADK Integrations catalog.