feat: expose programmatic auth wiring#966
Conversation
There was a problem hiding this comment.
Code Review
This pull request adds support for user attributes in the AuthenticatedUser record, introduces a UserAttributes class with common attribute constants, and exposes package-private constructors as public in AuthorizationRequestHandlerDecorator and InMemoryTaskStore to support non-CDI runtimes like Spring. The feedback suggests replacing the jakarta.annotation.Nullable import with org.jspecify.annotations.Nullable to maintain consistency and ensure compatibility with NullAway static analysis.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
ba59f32 to
1dc67ea
Compare
|
Thanks! |
Closes #965
Summary
This PR exposes the existing authorization wiring APIs for non-CDI runtimes.
The SDK already provides task-level authorization through
TaskAuthorizationProviderandAuthorizationRequestHandlerDecorator, but non-CDI integrations (such as Spring Boot) createDefaultRequestHandlerandTaskStoreprogrammatically and cannot reuse the existing authorization flow because the framework-neutral constructors are not public.Changes
AuthorizationRequestHandlerDecorator(RequestHandler, TaskAuthorizationProvider)publicInMemoryTaskStore(TaskAuthorizationProvider)publicAuthenticatedUserWhy
This allows framework integrations to reuse the existing SDK authorization model without introducing framework-specific code or duplicating authorization logic.