[Feat]: Request PushNotification code implementation to match the security standard #210
Description
Is your feature request related to a problem? Please describe.
When i studying push notification interaction, there are few parts i am not quit understand.
[1] Regarding the security consideration[1], it suggests server export well-known endpoint (.well-known/jwt), Will this sdk support it in the future? or user need to implement this endpoint by themselves.
[2] WIthin A2A Server Security[2], it suggest server issue a http GET or OPTION request to client's webhook endpoint, and also put Authorization within header, I find there is InMemoryPushNotifier class, the send_notification method doesn't allow user to include this kinds of headers. Does this mean we need to create our own implementation which inherit from PushNotifier?
Would like to know whether there is a completely code which can support people to implement push notification interaction
[1] https://a2a-protocol.org/latest/topics/streaming-and-async/#client-webhook-receiver-security-when-receiving-notifications-from-a2a-server
[2] https://a2a-protocol.org/latest/topics/streaming-and-async/#a2a-server-security-when-sending-notifications-to-client-webhook
Describe the solution you'd like
I would like the adk can expose jwt endpoint (.well-known/jwt), and when InMemoryPushNotifier execute send_notification, it can include authentication header base on PushNotificationConfig from client
Describe alternatives you've considered
No response
Additional context
No response
Code of Conduct
- I agree to follow this project's Code of Conduct