feat(toolbox-langchain): Support per-invocation auth via RunnableConfig
#291
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
anubhav756
force-pushed
the
anubhav-state-li
branch
from
d33d044 to
6d9a532
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
931c9fc to
93fd46d
Compare
anubhav756
force-pushed
the
anubhav-state-li
branch
from
6d9a532 to
eadd7d0
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
93fd46d to
336b8d5
Compare
|
/gcbrun |
anubhav756
force-pushed
the
anubhav-state-li
branch
from
eadd7d0 to
a304b28
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
336b8d5 to
0f50eb0
Compare
anubhav756
changed the title
RunnableConfig
packages/toolbox-langchain/src/toolbox_langchain/async_tools.py
Outdated
Show resolved
Hide resolved
In this case, we expect users to use dynamic methods for fetching tokens like getGoogleIdToken. |
anubhav756
force-pushed
the
anubhav-state-li
branch
from
a304b28 to
0418ed6
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
e1fd6d1 to
22aa329
Compare
Not necessarily in such a function like this one. For instance the app dev could fetch the user ID token from the frontend through a login button, and the app ID could be injected as an env var. Does that make sense? |
anubhav756
force-pushed
the
anubhav-state-li
branch
from
0418ed6 to
0a69d9f
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
09410c4 to
f41566a
Compare
anubhav756
force-pushed
the
anubhav-state-li
branch
from
26cd877 to
44a5813
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
2 times, most recently
from
57fd562 to
4e53bc0
Compare
anubhav756
force-pushed
the
anubhav-state-li
branch
from
44a5813 to
35660b2
Compare
anubhav756
added a commit
to GoogleCloudPlatform/genai-databases-retrieval-app
that referenced
this pull request
Jul 3, 2025
* Remove client session management from the orchestration class * This is now managed by Toolbox SDK internally * Simplify prompt creation * This is handled by the respective tools * Tools descriptions, params, annotations, etc. are loaded from Toolbox * These are added through `bind_tools` from LangGraph * This enables removal of the custom response message creation (which was added as a `TODO`) * Add logged in user's token to the `RunnableConfig` * This is necessary so that the tools that require authentication can read the user's token if available * Simplify tools helper file by removing tools and helpers since those are now handled by Toolbox SDK internally * Add a Toolbox URL to connect to through integration tests * Removes `ToolMessage` while inserting ticket. * This was causing an issue with `langchain-google-vertexai` ``` google.api_core.exceptions.InvalidArgument: 400 Please ensure that the number of function response parts should be equal to number of function call parts of the function call turn. ``` * Remove unused human and AI messages post book ticket flow. ## Diagram  > [!IMPORTANT] > This PR depends on a couple of features from Toolbox SDK: > * Support for optional parameters ([#290](googleapis/mcp-toolbox-sdk-python#290)) > * Self-authenticated tools via `RunnableConfig` ([#291](googleapis/mcp-toolbox-sdk-python#291)) > [!NOTE] > The failure in the integration test is expected. This PR is part of a series of changes, and the corresponding fix for this test is in a subsequent PR. > ### Reasoning > We've intentionally split the work into smaller, focused PRs to make the review process more manageable and efficient. > ### Merge Plan > All related PRs will be merged into the `toolbox-main` branch first. We will ensure all tests are passing on `toolbox-main` before merging the entire feature set into `main`.
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
4e53bc0 to
76c6fa4
Compare
anubhav756
force-pushed
the
anubhav-state-li
branch
from
35660b2 to
c7c7c7b
Compare
anubhav756
force-pushed
the
anubhav-state-li
branch
from
c7c7c7b to
b81d7b7
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
76c6fa4 to
5607a2c
Compare
anubhav756
force-pushed
the
anubhav-state-li
branch
2 times, most recently
from
35f5cf7 to
dac36c5
Compare
anubhav756
force-pushed
the
anubhav-self-auth-tools
branch
from
5607a2c to
6f8cbfc
Compare
anubhav756
added a commit
to GoogleCloudPlatform/genai-databases-retrieval-app
that referenced
this pull request
Jul 23, 2025
This PR updates the existing workflow to replace the prebuilt tool node with a new custom tool node. This new node is designed to intelligently handle tool auth by reading auth headers from the provided `RunnableConfig` by LangGraph. The custom node inspects the auth requirements of the underlying core tool within the `ToolboxTool`. If the tool requires authentication, the node dynamically creates an authenticated copy of the tool by attaching the necessary auth token getters using the `add_auth_token_getter` API. This authenticated tool instance is then used for the call and subsequently discarded. This same auth handling logic has also been applied to the node responsible for ticket insertion. > [!NOTE] > The functionality introduced in these custom nodes will be abstracted into the `ToolboxTool` itself in an upcoming release of the `toolbox-langchain` [#291](googleapis/mcp-toolbox-sdk-python#291). This will simplify the workflow in the future by handling authentication directly within the tool.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces a major enhancement to the
toolbox-langchainpackage by adding support for dynamic, per-invocation authentication. This is achieved by readingauth_token_gettersfrom LangChain's standardRunnableConfig, enablingToolboxToolto be used safely and effectively in multi-user environments like LangGraph.Motivation
Currently, authentication tokens can only be provided to a
ToolboxToolat initialization time, either viaToolboxClient.load_tool/load_toolsetor by callingtool.add_auth_token_getters()on the tool instance. This static binding of credentials poses a significant challenge in modern agentic frameworks like LangGraph.Challenge
In LangGraph, a single graph containing tool instances is often created once and then shared across multiple users and requests. It is insecure and impractical to configure these shared tool instances with any single user's credentials. The required credentials must be provided dynamically, on a per-request basis.
Proposed Solution
This PR solves this problem by introducing a third, invocation-time method for providing auth. It leverages LangChain's idiomatic
RunnableConfigas the vehicle for passing request-specific authentication, makingtoolbox-langchainfully compatible with multi-tenant and shared-use patterns.Description of Changes
The core of this change lies in how the
ToolboxToolhandles an invocation:_arun/_run) is updated to accept theconfig: RunnableConfigargument, which is standard in the LangChain.config["configurable"]["auth_token_getters"].auth_token_gettersare found in the config, the tool:a. Introspects its own authentication and authorization requirements (using the properties exposed in fix(toolbox-core): Expose authorization token requirements on
ToolboxTool#294).b. Creates a temporary, in-memory copy of the underlying proxied
ToolboxTool. This is critical, as it ensures the original shared tool instance is never mutated.auth_token_gettersfrom theconfigare applied to this new, temporary copy of the tool using itsadd_auth_token_gettersmethod.This mechanism provides a thread-safe and secure way to handle user-specific credentials without affecting the shared state of the primary tool in the graph.
Usage Example