Skip to main content

Crate adk_auth

Crate adk_auth 

Source
Expand description

§adk-auth

Access control and authentication for ADK-Rust.

§Overview

This crate provides enterprise-grade access control:

§Features

  • sso - Enable SSO/OAuth/OIDC support
  • auth-bridge - Enable JWT request context extraction for adk-server

§Quick Start

use adk_auth::{Permission, Role, AccessControl};

let admin = Role::new("admin")
    .allow(Permission::AllTools)
    .allow(Permission::AllAgents);

let user = Role::new("user")
    .allow(Permission::Tool("search".into()))
    .deny(Permission::Tool("code_exec".into()));

let ac = AccessControl::builder()
    .role(admin)
    .role(user)
    .assign("alice@example.com", "admin")
    .build()?;

ac.check("alice@example.com", &Permission::AllTools)?;

Re-exports§

pub use scope::ContextScopeResolver;
pub use scope::ScopeDenied;
pub use scope::ScopeGuard;
pub use scope::ScopeResolver;
pub use scope::ScopeToolExt;
pub use scope::ScopedTool;
pub use scope::ScopedToolDyn;
pub use scope::StaticScopeResolver;
pub use scope::check_scopes;

Modules§

scope
Scope-based access control for tools.

Structs§

AccessControl
Access control for checking permissions.
AccessControlBuilder
Builder for AccessControl.
AccessDenied
Error returned when access is denied.
AuditEvent
An audit event.
AuthMiddleware
A collection of auth utilities for integrating with ADK.
FileAuditSink
File-based audit sink that writes JSONL.
ProtectedTool
A tool wrapper that enforces access control and optionally logs audit events.
ProtectedToolDyn
Dynamic version of ProtectedTool for Arc<dyn Tool>.
Role
A role with a set of allowed and denied permissions.

Enums§

AuditEventType
Type of audit event.
AuditOutcome
Outcome of an audit event.
AuthError
General auth error.
Permission
Permission for accessing tools or agents.

Traits§

AuditSink
Trait for audit sinks.
ToolExt
Extension trait for easily wrapping tools with access control.