feat: go runtime sts client and adk integration#1880
Merged
Conversation
supreme-gg-gg
requested review from
EItanya,
ilackarms,
iplay88keys,
jmhbh and
yuval-k
as code owners
supreme-gg-gg
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a Go implementation of OAuth 2.0 Token Exchange (RFC 8693) and wires it into the Go ADK runtime so MCP tool calls can automatically receive exchanged (or propagated) Authorization headers, with E2E coverage for both Python and Go runtimes.
Changes:
- Introduces a new
go/adk/pkg/stspackage (STS client, integration wrapper, token-propagation ADK plugin, and tests). - Extends MCP HTTP transport to support a per-request dynamic header provider (used for STS-exchanged tokens).
- Wires the STS plugin into the Go ADK runner/agent setup and expands E2E tests to validate Go runtime STS exchange behavior.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| go/go.mod | Adds JWT dependency used for parsing token expiry claims. |
| go/core/test/e2e/invoke_api_test.go | Runs STS integration E2E for both Python and Go runtimes and strengthens request assertions. |
| go/adk/pkg/sts/utils.go | Implements well-known discovery fetch + response normalization helpers. |
| go/adk/pkg/sts/plugin.go | Adds ADK plugin + header provider for per-session token exchange/propagation and caching. |
| go/adk/pkg/sts/plugin_test.go | Tests header injection and dynamic actor-token caching behavior. |
| go/adk/pkg/sts/models.go | Defines RFC 8693 request/response models and STS configuration types. |
| go/adk/pkg/sts/integration.go | Provides a higher-level integration wrapper around STS client + actor/subject token logic. |
| go/adk/pkg/sts/integration_test.go | Tests default subject-token extraction and actor-token caching behavior. |
| go/adk/pkg/sts/errors.go | Adds typed error structures for STS/config/network/exchange failures. |
| go/adk/pkg/sts/client.go | Implements the core STS token exchange client and request building. |
| go/adk/pkg/sts/client_test.go | Verifies request building, success paths, and error handling for STS client. |
| go/adk/pkg/sts/actor.go | Adds service-account token file reader for actor token retrieval. |
| go/adk/pkg/runner/adapter.go | Builds/enables the STS/token-propagation plugin via env and registers it with the ADK runner. |
| go/adk/pkg/mcp/registry.go | Adds DynamicHeaderProvider support and injects its headers into outbound MCP requests. |
| go/adk/pkg/mcp/registry_test.go | Tests precedence ordering between propagated/allowed/dynamic/static headers. |
| go/adk/pkg/agent/agent.go | Plumbs the STS plugin’s header provider into MCP toolset creation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jmhbh
reviewed
May 16, 2026
Signed-off-by: Jet Chiang <[email protected]>
Signed-off-by: Jet Chiang <[email protected]>
Signed-off-by: Jet Chiang <[email protected]>
Signed-off-by: Jet Chiang <[email protected]>
supreme-gg-gg
force-pushed
the
feat/go-sts-client-new
branch
from
ad23d5c to
91cd53d
Compare
Signed-off-by: Jet Chiang <[email protected]>
jmhbh
approved these changes
May 21, 2026
EItanya
approved these changes
May 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.