feat: add auth header to push notifications

[Wondr-design]

Description

• Add Authorization header for push notifications using PushNotificationConfig.authentication (prefers Bearer when present)
• Keep existing X-A2A-Notification-Token behavior
• Add unit test covering auth header behavior

Testing

• uv run pytest tests/server/tasks/test_push_notification_sender.py

Fixes #585

[gemini-code-assist]

Summary of Changes

Hello @Wondr-design, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement to the push notification system by integrating support for the 'Authorization' header. This allows for more robust and flexible authentication mechanisms, such as Bearer tokens, to be used when dispatching notifications. The change ensures that existing token-based authentication continues to function as expected, while providing a clear path for adopting modern authentication standards.

Highlights

• Authorization Header Support: Added functionality to include an 'Authorization' header in push notification requests, enhancing security and authentication options.
• Authentication Scheme Prioritization: The system now prioritizes the 'Bearer' authentication scheme when multiple schemes are provided in the PushNotificationConfig.
• Backward Compatibility: The existing 'X-A2A-Notification-Token' behavior is maintained and can be used alongside the new 'Authorization' header.
• Unit Test Coverage: A new unit test has been added to specifically cover the behavior and correct construction of the authentication header.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds support for an Authorization header in push notifications, which is a great feature enhancement. The implementation is clean, with new helper methods _build_headers and _authorization_header that neatly encapsulate the logic for header creation. The logic for preferring the 'Bearer' scheme is correctly implemented.

I've added one suggestion to improve test coverage for the new authentication logic to ensure its robustness against various edge cases. Overall, this is a solid contribution.

[Wondr-design]

Follow-up: CI lint flagged _NoOp.enter return typing in src/a2a/utils/telemetry.py. Updated to use Self with a py3.10-safe typing_extensions import and added typing-extensions to core deps; uv.lock updated accordingly.

[Wondr-design]

Added edge-case coverage for _authorization_header: no credentials, empty schemes, non-Bearer scheme selection, empty-string scheme filtering, and validation error for None scheme entries. All tests in tests/server/tasks/test_push_notification_sender.py pass locally.

[Wondr-design]

All checks are green ✅ This PR is ready for review/merge when you have a moment. Happy to make any adjustments.