Add a post about A2A security #2444
🙈 The PR is closed and the preview is expired. |
cescoffier
left a comment
It looks good, but we should start working on the simplification. OIDC should be automatically plugged in.
| author: fjuma | ||
| --- | ||
|
|
||
| Today, we've released A2A Java SDK 0.3.0.Final which includes security and cloud related enhancements. |
Wasn't it released before devoxx?
That was 0.3.0.Beta2
|
@sberyozkin FYI. |
Yes, configuration simplification is one of the main things we'd like to work on next. We are tracking that here: |
| .streamingErrorHandler(streamingErrorHandler); | ||
|
|
||
| // Configure only the user-specified transport | ||
| switch (transport.toLowerCase()) { |
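Review bot: `transport.toLowerCase()` in the switch uses the JVM default locale and dereferences `transport` without a null check. Under a Turkish default locale an upper-case `I` lowercases to a dotless `ı`, so a value containing it would not match a lower-case label; suggest `transport.toLowerCase(Locale.ROOT)` and rejecting a null or unrecognised value with a clear error, if the rest of the snippet does not already do so.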
I was wondering a bit where transport comes from, and found it is a parameter to the createClient() method. Might be worth pointing that out somehow
Fixed
|
|
||
| > **NOTE**: In our sample, we're going to rely on Quarkus Dev Services to automatically create and configure | ||
| a Keycloak instance that we'll use as our OAuth2 provider. For more details on using Podman with | ||
| Quarkus, see this https://quarkus.io/guides/podman[guide]. |
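Review bot: the NOTE says Dev Services will create and configure the Keycloak instance but not that this happens only in dev and test mode. Suggest adding a sentence that a production deployment has to point at a separately managed OAuth2 provider, so readers do not assume the sample's auto-provisioned Keycloak carries over.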
Looks like a sentence is missing: something along the way:
Quarkus Dev Services relies on a container engine such as docker or podman to be installed and properly configured. For more details on using Podman with
Quarkus, see this https://quarkus.io/guides/podman[guide].
|
|
||
| The A2A Java SDK provides two main classes related to authentication: | ||
|
|
||
| * `CredentialService`: An interface you implement to define how to obtain a credential for a specific security scheme. |
you need to implement
Fixed
|
|
||
| return builder.build(); | ||
| ---- | ||
| <1> `CredentialService` is an interface provided by the A2A Java SDK. You can implement this interface to |
You can implement this interface or You must implement this interface
I'll leave this as "You can" since they could also implement their own interceptor to obtain credentials some other way, they don't have to use the AuthInterceptor.
|
As far as picking up incoming bearer or user login/code flow access tokens is concerned, injecting an instance of |
|
I guess an implementation of CredentialProvider that can be provided out of the box can do it, just check if the token is available or not. Concrete deployments will add quarkus oidc. |
|
Thanks @sberyozkin! Will keep that in mind. |
|
@cescoffier This is now ready to be merged. Thanks! |
|
Great! Thanks! |
Creating this as a draft PR until we release 0.3.0.Final (which should happen very soon).