🔴 Required Information
Describe the Bug:
build_auth_request_event in src/google/adk/flows/llm_flows/functions.py builds the adk_request_credential (EUC) FunctionCall.args with AuthToolArguments(...).model_dump(exclude_none=True, by_alias=True). The default mode="python" leaves the auth scheme's type field as a live SecuritySchemeType enum member inside the args dict, rather than its string value. The resulting Event.content is therefore not JSON-serializable: any consumer that calls json.dumps on the in-memory event content raises TypeError: Object of type SecuritySchemeType is not JSON serializable.
This is latent for most flows because the session DB launders enums to strings on write (pydantic JSON serialization), and ADK's own auth preprocessor re-validates the args from either form. It surfaces for any consumer that serializes the in-memory event before it round-trips through the DB. A concrete trigger is memory ingestion: VertexAiMemoryBankService hands the in-memory event.content to the Vertex SDK, which json.dumps's it.
Steps to Reproduce:
Run the snippet below against google-adk 2.2.0. It performs the same model_dump call as build_auth_request_event and then the same json.dumps the Vertex SDK performs during memory ingestion.
import json
from google.adk.auth.auth_tool import AuthConfig, AuthToolArguments
from google.adk.auth.auth_credential import AuthCredential, AuthCredentialTypes, OAuth2Auth
from google.adk.auth.auth_schemes import OAuth2
from fastapi.openapi.models import OAuthFlows, OAuthFlowAuthorizationCode
scheme = OAuth2(flows=OAuthFlows(authorizationCode=OAuthFlowAuthorizationCode(
authorizationUrl="https://example/authorize", tokenUrl="https://example/token", scopes={})))
cfg = AuthConfig(auth_scheme=scheme,
raw_auth_credential=AuthCredential(auth_type=AuthCredentialTypes.OAUTH2,
oauth2=OAuth2Auth(client_id="x", client_secret="y")))
# The exact dump build_auth_request_event performs (functions.py, default mode="python")
args = AuthToolArguments(function_call_id="abc", auth_config=cfg).model_dump(
exclude_none=True, by_alias=True)
print(repr(args["authConfig"]["authScheme"]["type"])) # <SecuritySchemeType.oauth2: 'oauth2'> — live enum
json.dumps(args) # TypeError: Object of type SecuritySchemeType is not JSON serializable
# The fix: mode="json" coerces the enum to its string value, same dump otherwise
fixed = AuthToolArguments(function_call_id="abc", auth_config=cfg).model_dump(
mode="json", exclude_none=True, by_alias=True)
print(repr(fixed["authConfig"]["authScheme"]["type"])) # 'oauth2'
json.dumps(fixed) # passesExpected Behavior:
The adk_request_credential FunctionCall.args are JSON-serializable, consistent with how the same content is stored and re-read from the session DB. model_dump(mode="json", exclude_none=True, by_alias=True) coerces the enum to its "oauth2" string while preserving aliases; ADK's parse-back is unaffected because pydantic validation accepts the string form (exactly what it already does for DB-read events).
Observed Behavior:
json.dumps on the in-memory event content raises:
TypeError: Object of type SecuritySchemeType is not JSON serializable
In a real flow (memory ingest on the EUC turn) this surfaces as a background task failure:
ERROR vertex_ai_memory_bank_service.py | Background ingest_events task failed: Object of type SecuritySchemeType is not JSON serializable
Environment Details:
- ADK Library Version (pip show google-adk): 2.2.0 (latest release; identical on
main, the dump is at functions.py:305, SHA 9670ce2)
- Desktop OS: macOS
- Python Version (python -V): 3.13
Model Information:
- Are you using LiteLLM: No
- Which model is being used: N/A, the bug is in event construction and model-independent
🟡 Optional Information
Regression:
Not a recent regression. The python-mode dump has been in place across releases (present in the 1.x line and unchanged on the current 2.x main); it only becomes observable when a consumer serializes the in-memory EUC event before DB round-trip.
Logs:
TypeError: Object of type SecuritySchemeType is not JSON serializable
Additional Context:
Sibling call sites in the same file use the same python-mode model_dump and may carry the same hazard if their models contain enums (like the tool-confirmation args around functions.py:368/:371, and event.actions.model_dump(...) near line 1241). Worth a glance during the fix, but the auth-request path is the confirmed, reproducible one. Discovered downstream while validating an OAuth resume flow; the in-memory event reached json.dumps via memory ingestion before any DB round-trip.
Minimal Reproduction Code:
Inline in Steps to Reproduce above; self-contained against a clean pip install google-adk==2.2.0.
How often has this issue occurred?:
- Always (100%), deterministic for any consumer that
json.dumps's the in-memory EUC event content.
🔴 Required Information
Describe the Bug:
build_auth_request_eventinsrc/google/adk/flows/llm_flows/functions.pybuilds theadk_request_credential(EUC)FunctionCall.argswithAuthToolArguments(...).model_dump(exclude_none=True, by_alias=True). The defaultmode="python"leaves the auth scheme'stypefield as a liveSecuritySchemeTypeenum member inside the args dict, rather than its string value. The resultingEvent.contentis therefore not JSON-serializable: any consumer that callsjson.dumpson the in-memory event content raisesTypeError: Object of type SecuritySchemeType is not JSON serializable.This is latent for most flows because the session DB launders enums to strings on write (pydantic JSON serialization), and ADK's own auth preprocessor re-validates the args from either form. It surfaces for any consumer that serializes the in-memory event before it round-trips through the DB. A concrete trigger is memory ingestion:
VertexAiMemoryBankServicehands the in-memoryevent.contentto the Vertex SDK, whichjson.dumps's it.Steps to Reproduce:
Run the snippet below against google-adk 2.2.0. It performs the same
model_dumpcall asbuild_auth_request_eventand then the samejson.dumpsthe Vertex SDK performs during memory ingestion.Expected Behavior:
The
adk_request_credentialFunctionCall.argsare JSON-serializable, consistent with how the same content is stored and re-read from the session DB.model_dump(mode="json", exclude_none=True, by_alias=True)coerces the enum to its"oauth2"string while preserving aliases; ADK's parse-back is unaffected because pydantic validation accepts the string form (exactly what it already does for DB-read events).Observed Behavior:
json.dumpson the in-memory event content raises:In a real flow (memory ingest on the EUC turn) this surfaces as a background task failure:
Environment Details:
main, the dump is atfunctions.py:305, SHA9670ce2)Model Information:
🟡 Optional Information
Regression:
Not a recent regression. The python-mode dump has been in place across releases (present in the 1.x line and unchanged on the current 2.x
main); it only becomes observable when a consumer serializes the in-memory EUC event before DB round-trip.Logs:
Additional Context:
Sibling call sites in the same file use the same python-mode
model_dumpand may carry the same hazard if their models contain enums (like the tool-confirmation args aroundfunctions.py:368/:371, andevent.actions.model_dump(...)near line 1241). Worth a glance during the fix, but the auth-request path is the confirmed, reproducible one. Discovered downstream while validating an OAuth resume flow; the in-memory event reachedjson.dumpsvia memory ingestion before any DB round-trip.Minimal Reproduction Code:
Inline in Steps to Reproduce above; self-contained against a clean
pip install google-adk==2.2.0.How often has this issue occurred?:
json.dumps's the in-memory EUC event content.