Skip to content

Feat/a2a call oauth#635

Merged
cuericlee merged 3 commits into
volcengine:mainfrom
songyichun1:feat/a2a-call-oauth
Jun 30, 2026
Merged

Feat/a2a call oauth#635
cuericlee merged 3 commits into
volcengine:mainfrom
songyichun1:feat/a2a-call-oauth

Conversation

@songyichun1

Copy link
Copy Markdown
Contributor

支持调用 OAuth2 client_credentials 鉴权的远程 Agent

@cuericlee cuericlee left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@cuericlee cuericlee left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Area | Verdict -- | -- Correctness | Looks sound — the OAuth2 client-credentials flow is implemented correctly with proper error handling. Test coverage | Good — the test exercises the full 5-request chain (get agent → list clients → get client → fetch token → send message) and verifies secrets are not leaked in serialized output. Security | Secrets are scrubbed from result serialization. Basic auth uses base64 over the wire (standard for client_credentials). Cache is in-memory only. Documentation | Clear docs in both EN and CN, explaining the flow and the env-var override. Maintainability | The refactoring of _agentkit_post into _signed_openapi_post is clean. The identity endpoint heuristic could be more robust.

@cuericlee cuericlee merged commit f600fc4 into volcengine:main Jun 30, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants