Merge branch 'fix/adk-handle-invalid-app-name' of https://github.com/AbhishekMauryaGEEK/adk-python into fix/adk-handle-invalid-app-name

Author: AbhishekMauryaGEEK

src/google/adk/agents/invocation_context.py

@@ -28,6 +28,7 @@
 from ..apps.app import EventsCompactionConfig
 from ..apps.app import ResumabilityConfig
 from ..artifacts.base_artifact_service import BaseArtifactService
+from ..auth.auth_credential import AuthCredential
 from ..auth.credential_service.base_credential_service import BaseCredentialService
 from ..events.event import Event
 from ..memory.base_memory_service import BaseMemoryService
@@ -214,6 +215,9 @@ class InvocationContext(BaseModel):
   canonical_tools_cache: Optional[list[BaseTool]] = None
   """The cache of canonical tools for this invocation."""
 
+  credential_by_key: dict[str, AuthCredential] = Field(default_factory=dict)
+  """The resolved credentials for this invocation, keyed by credential_key."""
+
   _invocation_cost_manager: _InvocationCostManager = PrivateAttr(
       default_factory=_InvocationCostManager
   )

src/google/adk/agents/readonly_context.py

@@ -22,6 +22,7 @@
 if TYPE_CHECKING:
   from google.genai import types
 
+  from ..auth.auth_credential import AuthCredential
   from ..sessions.session import Session
   from .invocation_context import InvocationContext
   from .run_config import RunConfig
@@ -69,3 +70,7 @@ def user_id(self) -> str:
   def run_config(self) -> Optional[RunConfig]:
     """The run config of the current invocation. READONLY field."""
     return self._invocation_context.run_config
+
+  def get_credential(self, key: str) -> Optional[AuthCredential]:
+    """Gets a resolved credential by key for this invocation."""
+    return self._invocation_context.credential_by_key.get(key)

src/google/adk/flows/llm_flows/base_llm_flow.py

@@ -143,10 +143,11 @@ async def _resolve_toolset_auth(
     if not auth_config:
       continue
 
+    auth_config_copy = auth_config.model_copy(deep=True)
     try:
-      credential = await CredentialManager(auth_config).get_auth_credential(
-          callback_context
-      )
+      credential = await CredentialManager(
+          auth_config_copy
+      ).get_auth_credential(callback_context)
     except ValueError as e:
       # Validation errors from CredentialManager should be logged but not
       # block the flow - the toolset may still work without auth
@@ -158,14 +159,16 @@ async def _resolve_toolset_auth(
       credential = None
 
     if credential:
-      # Populate in-place for toolset to use in get_tools()
-      auth_config.exchanged_auth_credential = credential
+      # Store in invocation context to avoid data leakage and race conditions
+      invocation_context.credential_by_key[auth_config.credential_key] = (
+          credential
+      )
     else:
       # Need auth - will interrupt
       toolset_id = (
           f'{TOOLSET_AUTH_CREDENTIAL_ID_PREFIX}{type(tool_union).__name__}'
       )
-      pending_auth_requests[toolset_id] = auth_config
+      pending_auth_requests[toolset_id] = auth_config_copy
 
   if not pending_auth_requests:
     return

src/google/adk/tools/mcp_tool/mcp_tool.py

@@ -18,6 +18,7 @@
 import base64
 import inspect
 import logging
+import os
 from typing import Any
 from typing import Callable
 from typing import Dict
@@ -169,6 +170,16 @@ def __init__(
     Raises:
         ValueError: If mcp_tool or mcp_session_manager is None.
     """
+
+    # --- BEGIN BOUND TOKEN PATCH ---
+    # Set GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES to false
+    # to disable bound token sharing. Tracking on
+    # https://github.com/google/adk-python/issues/5361
+    os.environ["GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES"] = (
+        "false"
+    )
+    # --- END BOUND TOKEN PATCH ---
+
     super().__init__(
         name=mcp_tool.name,
         description=mcp_tool.description if mcp_tool.description else "",

src/google/adk/tools/mcp_tool/mcp_toolset.py

@@ -17,6 +17,7 @@
 import asyncio
 import base64
 import logging
+import os
 import sys
 from typing import Any
 from typing import Awaitable
@@ -158,6 +159,15 @@ def __init__(
       sampling_capabilities: Optional capabilities for sampling.
     """
 
+    # --- BEGIN BOUND TOKEN PATCH ---
+    # Set GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES to false
+    # to disable bound token sharing. Tracking on
+    # https://github.com/google/adk-python/issues/5361
+    os.environ["GOOGLE_API_PREVENT_AGENT_TOKEN_SHARING_FOR_GCP_SERVICES"] = (
+        "false"
+    )
+    # --- END BOUND TOKEN  PATCH ---
+
     super().__init__(tool_filter=tool_filter, tool_name_prefix=tool_name_prefix)
 
     self._sampling_callback = sampling_callback
@@ -193,16 +203,31 @@ def __init__(
     )
     self._use_mcp_resources = use_mcp_resources
 
-  def _get_auth_headers(self) -> Optional[Dict[str, str]]:
+  def _get_auth_headers(
+      self, readonly_context: Optional[ReadonlyContext] = None
+  ) -> Optional[Dict[str, str]]:
     """Build authentication headers from exchanged credential.
 
+    Args:
+      readonly_context: Readonly context to get credentials from.
+
     Returns:
         Dictionary of auth headers, or None if no auth configured.
     """
-    if not self._auth_config or not self._auth_config.exchanged_auth_credential:
+    if not self._auth_config:
       return None
 
-    credential = self._auth_config.exchanged_auth_credential
+    credential = None
+    if readonly_context:
+      credential = readonly_context.get_credential(
+          self._auth_config.credential_key
+      )
+
+    if not credential:
+      credential = self._auth_config.exchanged_auth_credential
+
+    if not credential:
+      return None
     headers: Optional[Dict[str, str]] = None
 
     if credential.oauth2:
@@ -279,7 +304,7 @@ async def _execute_with_session(
         headers.update(provider_headers)
 
     # Add auth headers from exchanged credential if available
-    auth_headers = self._get_auth_headers()
+    auth_headers = self._get_auth_headers(readonly_context)
     if auth_headers:
       headers.update(auth_headers)
 

tests/unittests/auth/test_toolset_auth.py

@@ -110,6 +110,7 @@ def mock_invocation_context(self):
     ctx.credential_service = None
     ctx.app_name = "test-app"
     ctx.user_id = "test-user"
+    ctx.credential_by_key = {}
     return ctx
 
   @pytest.fixture
@@ -154,10 +155,10 @@ async def test_toolset_without_auth_config_skipped(
     assert mock_invocation_context.end_invocation is False
 
   @pytest.mark.asyncio
-  async def test_toolset_with_credential_available_populates_config(
+  async def test_toolset_with_credential_available_populates_context(
       self, mock_invocation_context, mock_agent
   ):
-    """Test that credential is populated in auth_config when available."""
+    """Test that credential is stored in invocation context when available."""
     auth_config = create_oauth2_auth_config()
     toolset = MockToolset(auth_config=auth_config)
     mock_agent.tools = [toolset]
@@ -184,8 +185,52 @@ async def test_toolset_with_credential_available_populates_config(
     # No auth request events - credential was available
     assert len(events) == 0
     assert mock_invocation_context.end_invocation is False
-    # Credential should be populated in auth_config
-    assert auth_config.exchanged_auth_credential == mock_credential
+    # Credential should be stored in invocation context, not auth_config
+    assert (
+        mock_invocation_context.credential_by_key[auth_config.credential_key]
+        == mock_credential
+    )
+    assert auth_config.exchanged_auth_credential is None
+
+  @pytest.mark.asyncio
+  async def test_toolset_auth_uses_copy_and_does_not_mutate_shared_config(
+      self, mock_invocation_context, mock_agent
+  ):
+    """Test that _resolve_toolset_auth uses a copy and does not mutate shared config."""
+    auth_config = create_oauth2_auth_config()
+    toolset = MockToolset(auth_config=auth_config)
+    mock_agent.tools = [toolset]
+
+    def create_mock_cm(cfg):
+      m = AsyncMock()
+      m._auth_config = cfg
+
+      async def get_cred(ctx):
+        cfg.exchanged_auth_credential = AuthCredential(
+            auth_type=AuthCredentialTypes.OAUTH2,
+            oauth2=OAuth2Auth(auth_uri="https://example.com/consent"),
+        )
+        return None
+
+      m.get_auth_credential = AsyncMock(side_effect=get_cred)
+      return m
+
+    with patch(
+        "google.adk.flows.llm_flows.base_llm_flow.CredentialManager",
+        side_effect=create_mock_cm,
+    ):
+      events = []
+      async for event in _resolve_toolset_auth(
+          mock_invocation_context, mock_agent
+      ):
+        events.append(event)
+
+    # Should yield one auth request event
+    assert len(events) == 1
+    assert mock_invocation_context.end_invocation is True
+
+    # The shared auth_config should NOT be mutated
+    assert auth_config.exchanged_auth_credential is None
 
   @pytest.mark.asyncio
   async def test_toolset_without_credential_yields_auth_event(

tests/unittests/tools/mcp_tool/test_mcp_toolset_auth.py

@@ -267,3 +267,32 @@ def test_get_auth_headers_api_key_non_header_logs_warning(self, caplog):
 
     # Should return None for non-header API key
     assert headers is None
+
+  def test_get_auth_headers_reads_from_readonly_context(
+      self, toolset_with_oauth2
+  ):
+    """Test that _get_auth_headers reads from ReadonlyContext first."""
+    from google.adk.agents.readonly_context import ReadonlyContext
+
+    mock_readonly_context = Mock(spec=ReadonlyContext)
+    mock_credential = AuthCredential(
+        auth_type=AuthCredentialTypes.OAUTH2,
+        oauth2=OAuth2Auth(access_token="token-from-context"),
+    )
+    mock_readonly_context.get_credential.return_value = mock_credential
+
+    # Even if exchanged_auth_credential has a different value
+    toolset_with_oauth2._auth_config.exchanged_auth_credential = AuthCredential(
+        auth_type=AuthCredentialTypes.OAUTH2,
+        oauth2=OAuth2Auth(access_token="token-from-config"),
+    )
+
+    headers = toolset_with_oauth2._get_auth_headers(
+        readonly_context=mock_readonly_context
+    )
+
+    assert headers is not None
+    assert headers["Authorization"] == "Bearer token-from-context"
+    mock_readonly_context.get_credential.assert_called_once_with(
+        toolset_with_oauth2._auth_config.credential_key
+    )