diff --git a/docs/tools-custom/authentication.md b/docs/tools-custom/authentication.md index 232d8178b3..25cac2d514 100644 --- a/docs/tools-custom/authentication.md +++ b/docs/tools-custom/authentication.md @@ -127,7 +127,9 @@ specific interactive process with your ***Agent Client*** application. not require an authentication exchange. * **OAUTH2:** Provides standard OAuth 2.0 authentication flows, and requires configuration with client ID, secret, and scopes. This method often - triggers an interactive flow for user consent. + triggers an interactive flow for user consent. For enhanced security in OIDC + flows, the `OAuth2Auth` model now includes a `nonce` field to help prevent + replay attacks. * **OPEN\_ID\_CONNECT:** Provides authentication based on OpenID Connect. Similar to OAuth2, this type often requires configuration and user interaction. @@ -135,6 +137,20 @@ specific interactive process with your ***Agent Client*** application. JSON key or Application Default Credentials. This type typically exchanges a Bearer token. +### Custom authentication schemes + +In addition to the standard OpenAPI authentication schemes, you can define your own +custom authentication schemes by subclassing `CustomAuthScheme`. This is useful for +integrating with proprietary or legacy enterprise authentication systems that do not +follow OpenAPI standards. + +When creating a custom authentication scheme, you must define a default value for +the `type_` field. + +For easier registration of your custom authentication provider, you can also define +a `supported_auth_schemes` property on your `BaseAuthProvider` implementation. This +property should return a tuple of the scheme types your provider supports. + ## Tools and integrations quick guide Here is a quick guide to authentication for key ADK toolsets: @@ -806,4 +822,4 @@ except Exception as e: required: - code - message - ``` + ``` \ No newline at end of file