Skip to content

feat: expose programmatic auth wiring#966

Merged
kabir merged 2 commits into
a2aproject:mainfrom
Sh1bari:feat/programmatic-auth-wiring
Jul 2, 2026
Merged

feat: expose programmatic auth wiring#966
kabir merged 2 commits into
a2aproject:mainfrom
Sh1bari:feat/programmatic-auth-wiring

Conversation

@Sh1bari

@Sh1bari Sh1bari commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Closes #965

Summary

This PR exposes the existing authorization wiring APIs for non-CDI runtimes.

The SDK already provides task-level authorization through TaskAuthorizationProvider and AuthorizationRequestHandlerDecorator, but non-CDI integrations (such as Spring Boot) create DefaultRequestHandler and TaskStore programmatically and cannot reuse the existing authorization flow because the framework-neutral constructors are not public.

Changes

  • make AuthorizationRequestHandlerDecorator(RequestHandler, TaskAuthorizationProvider) public
  • make InMemoryTaskStore(TaskAuthorizationProvider) public
  • add optional attributes support to AuthenticatedUser
  • add common user attribute constants

Why

This allows framework integrations to reuse the existing SDK authorization model without introducing framework-specific code or duplicating authorization logic.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds support for user attributes in the AuthenticatedUser record, introduces a UserAttributes class with common attribute constants, and exposes package-private constructors as public in AuthorizationRequestHandlerDecorator and InMemoryTaskStore to support non-CDI runtimes like Spring. The feedback suggests replacing the jakarta.annotation.Nullable import with org.jspecify.annotations.Nullable to maintain consistency and ensure compatibility with NullAway static analysis.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread server-common/src/main/java/org/a2aproject/sdk/server/auth/AuthenticatedUser.java Outdated
@Sh1bari Sh1bari force-pushed the feat/programmatic-auth-wiring branch from ba59f32 to 1dc67ea Compare July 1, 2026 23:29
Comment thread server-common/src/main/java/org/a2aproject/sdk/server/auth/UserAttributes.java Outdated
@Sh1bari Sh1bari requested a review from kabir July 2, 2026 11:48
@kabir kabir merged commit d31c098 into a2aproject:main Jul 2, 2026
13 checks passed
@kabir

kabir commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feat]: Expose programmatic authorization wiring for non-CDI runtimes

2 participants