Skip to main content

adk_server/
auth_bridge.rs

1//! Auth middleware bridge for flowing authenticated identity into agent execution.
2//!
3//! This module defines the [`RequestContextExtractor`] trait that server operators
4//! implement to extract identity from HTTP requests, and the [`RequestContextError`]
5//! enum for extraction failures.
6//!
7//! The extracted [`RequestContext`] (re-exported from `adk-core`) carries user_id,
8//! scopes, and metadata into the [`InvocationContext`], making scopes available
9//! to tools via `ToolContext::user_scopes()`.
10//!
11//! # Example
12//!
13//! ```rust,ignore
14//! use adk_server::auth_bridge::{RequestContextExtractor, RequestContextError};
15//! use adk_core::RequestContext;
16//! use async_trait::async_trait;
17//!
18//! struct MyExtractor;
19//!
20//! #[async_trait]
21//! impl RequestContextExtractor for MyExtractor {
22//!     async fn extract(
23//!         &self,
24//!         parts: &axum::http::request::Parts,
25//!     ) -> Result<RequestContext, RequestContextError> {
26//!         let auth = parts.headers
27//!             .get("authorization")
28//!             .and_then(|v| v.to_str().ok())
29//!             .ok_or(RequestContextError::MissingAuth)?;
30//!         // ... validate token, build RequestContext ...
31//!         # todo!()
32//!     }
33//! }
34//! ```
35
36pub use adk_core::RequestContext;
37use async_trait::async_trait;
38
39/// Extracts authenticated identity from HTTP request headers.
40///
41/// Implementations typically parse a Bearer token from the `Authorization`
42/// header, validate it, and map claims to a [`RequestContext`].
43#[async_trait]
44pub trait RequestContextExtractor: Send + Sync {
45    /// Extract identity from the request parts (headers, URI, etc.).
46    async fn extract(
47        &self,
48        parts: &axum::http::request::Parts,
49    ) -> Result<RequestContext, RequestContextError>;
50}
51
52/// Errors that can occur during request context extraction.
53#[derive(Debug, thiserror::Error)]
54pub enum RequestContextError {
55    /// The `Authorization` header is missing from the request.
56    #[error("missing authorization header")]
57    MissingAuth,
58    /// The token was present but failed validation.
59    #[error("invalid token: {0}")]
60    InvalidToken(String),
61    /// An internal error occurred during extraction.
62    #[error("extraction failed: {0}")]
63    ExtractionFailed(String),
64}