google-adk-extras 0.2.6__py3-none-any.whl → 0.3.0__py3-none-any.whl

{google_adk_extras-0.2.6.dist-info → google_adk_extras-0.3.0.dist-info}/METADATA

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: google-adk-extras
-Version: 0.2.6
-Summary: Production-ready services, credentials, and FastAPI wiring for Google ADK
+Version: 0.3.0
+Summary: Production-ready services and FastAPI wiring for Google ADK
 Home-page: https://github.com/DeadMeme5441/google-adk-extras
 Author: DeadMeme5441
 Author-email: DeadMeme5441 <deadunderscorememe@gmail.com>
@@ -49,7 +49,7 @@ Dynamic: requires-python
 [![Docs](https://img.shields.io/badge/docs-site-brightgreen)](https://deadmeme5441.github.io/google-adk-extras/)
 [![Docs Build](https://github.com/DeadMeme5441/google-adk-extras/actions/workflows/docs.yml/badge.svg)](https://github.com/DeadMeme5441/google-adk-extras/actions/workflows/docs.yml)
 
-Production-ready extensions for Google ADK (Agent Development Kit). This library adds durable service backends (sessions, artifacts, memory), practical credential services (OAuth2/JWT/Basic), and clean FastAPI wiring so you can run ADK agents with real storage and auth.
+Production-ready extensions for Google ADK (Agent Development Kit). This library adds durable service backends (sessions, artifacts, memory) and clean FastAPI wiring (with optional streaming) so you can run ADK agents with real storage.
 
 What this is not: a fork of ADK. It builds on ADK’s core runtime, agents, tools and callbacks, and drops in where ADK expects services and a web server.
 
@@ -58,10 +58,9 @@ What this is not: a fork of ADK. It builds on ADK’s core runtime, agents, tool
 
 ADK provides the core primitives (Runner, Session/State, MemoryService, ArtifactService, CredentialService, Agents/Tools, callbacks, Dev UI, and deployment paths). See the official ADK docs for concepts and APIs.
 
-This package focuses on three gaps common in real apps:
+This package focuses on a few gaps common in real apps:
 - Durable storage backends beyond in‑memory defaults
-- Usable credential flows (Google/GitHub/Microsoft/X OAuth2, JWT, Basic)
-- FastAPI integration that accepts your credential service without hacks
+- FastAPI integration with optional streaming (SSE/WS)
 
 
 ## Features
@@ -69,8 +68,7 @@ This package focuses on three gaps common in real apps:
 - Session services: SQL (SQLite/Postgres/MySQL), MongoDB, Redis, YAML files
 - Artifact services: Local folder (versioned), S3‑compatible, SQL, MongoDB
 - Memory services: SQL, MongoDB, Redis, YAML files (term search over text parts)
-- Credential services: Google/GitHub/Microsoft/X (OAuth2), JWT, HTTP Basic
-- Enhanced FastAPI wiring that respects a provided credential service
+- Enhanced FastAPI wiring for ADK apps (with optional streaming)
 - Fluent builder (`AdkBuilder`) to assemble a FastAPI app or a Runner
  - A2A helpers for exposing/consuming agents (see below)
 
@@ -95,17 +93,18 @@ If you plan to use specific backends, also install their clients (examples):
 - MongoDB: `uv pip install pymongo`
 - Redis: `uv pip install redis`
 - S3: `uv pip install boto3`
-- JWT: `uv pip install PyJWT`
+  
+Note on credentials (0.3.0): Outbound credentials for tools remain ADK’s concern (use ADK’s BaseCredentialService). Inbound API authentication is now available as an optional FastAPI layer in this package (see Auth below). You can run fully open (no auth) or enable API Key, Basic, or JWT (including first‑party issuance backed by SQL).
 
 
 ## Quickstart (FastAPI)
 
-Use the fluent builder to wire services and credentials. Then run with uvicorn.
+Use the fluent builder to wire services. Then run with uvicorn.
 
 ```python
 # app.py
 from google_adk_extras import AdkBuilder
-from google_adk_extras.credentials import GoogleOAuth2CredentialService
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
 
 app = (
     AdkBuilder()
@@ -113,11 +112,7 @@ app = (
     .with_session_service("sqlite:///./sessions.db")      # or: mongodb://, redis://, yaml://
     .with_artifact_service("local://./artifacts")         # or: s3://bucket, mongodb://, sql://
     .with_memory_service("yaml://./memory")               # or: redis://, mongodb://, sql://
-    .with_credential_service(GoogleOAuth2CredentialService(
-        client_id="…apps.googleusercontent.com",
-        client_secret="…",
-        scopes=["openid", "email", "profile"],
-    ))
+    # credentials: rely on ADK defaults or pass an ADK BaseCredentialService if needed
     .with_web_ui(True)     # serve ADK’s dev UI if assets available
     .with_agent_reload(True)
     .build_fastapi_app()
@@ -133,6 +128,77 @@ uvicorn app:app --reload
 If you don’t keep agents on disk, register them programmatically and use a custom loader (see below).
 
 
+## Auth (optional)
+
+Auth is entirely optional. By default, all endpoints are open (no auth). To enable protection, pass `auth_config` into `get_enhanced_fast_api_app` via the builder or directly.
+
+Supported inbound methods:
+- API Key: `X-API-Key: <key>` header (or `?api_key=` query). Keys can be static via config, or issued/rotated via SQL‑backed endpoints.
+- HTTP Basic: `Authorization: Basic base64(user:pass)` for quick human/internal testing. Can validate against in‑memory map or the SQL users table.
+- Bearer JWT (validate): Accept JWTs from Google/Auth0/Okta/etc. via JWKS, or HS256 secret in dev. Enforces iss/aud/exp/nbf.
+- Bearer JWT (issue): First‑party issuer with HS256, tokens minted from `/auth/token`, users stored in SQL (SQLite/Postgres/MySQL).
+
+Minimal enablement (JWT validate only):
+
+```python
+from google_adk_extras.auth import AuthConfig, JwtValidatorConfig
+
+auth = AuthConfig(
+    enabled=True,
+    jwt_validator=JwtValidatorConfig(
+        jwks_url="https://accounts.google.com/.well-known/openid-configuration",  # example
+        issuer="https://accounts.google.com",
+        audience="your-api-audience",
+    ),
+)
+
+app = (
+    AdkBuilder()
+      .with_agents_dir("./agents")
+      .build_fastapi_app()
+)
+```
+
+First‑party issuer + validate (single shared HS256 secret) with SQL connector:
+
+```python
+from google_adk_extras.auth import AuthConfig, JwtIssuerConfig, JwtValidatorConfig
+
+issuer = JwtIssuerConfig(
+    enabled=True,
+    issuer="https://local-issuer",
+    audience="adk-api",
+    algorithm="HS256",
+    hs256_secret="topsecret",
+    database_url="sqlite:///./auth.db",  # also supports Postgres/MySQL
+)
+validator = JwtValidatorConfig(
+    issuer=issuer.issuer,
+    audience=issuer.audience,
+    hs256_secret=issuer.hs256_secret,
+)
+
+auth = AuthConfig(enabled=True, jwt_issuer=issuer, jwt_validator=validator)
+
+app = (
+    AdkBuilder()
+      .with_agents_dir("./agents")
+      .build_fastapi_app()
+)
+```
+
+Issuing and using tokens/keys at runtime:
+- Register user: `POST /auth/register?username=alice&password=wonder`
+- Token (password): `POST /auth/token?grant_type=password&username=alice&password=wonder`
+- Refresh: `POST /auth/refresh?user_id=<uid>&refresh_token=<jti>`
+- Create API key: `POST /auth/api-keys` (auth required) → returns `{ id, api_key }` (plaintext shown once)
+- List keys: `GET /auth/api-keys` (auth required)
+- Revoke key: `DELETE /auth/api-keys/{id}` (auth required)
+- Use API key: add `X-API-Key: <api_key>` to any protected route (keys currently allow full access)
+
+Protected routes include `/run`, `/run_sse`, all `/apps/...` session/artifact/eval endpoints, `/debug/*`, `/builder/*`, and optionally `/list-apps` and `/apps/{app}/metrics-info`.
+
+
 ## Quickstart (Runner)
 
 Create a Runner wired with your chosen backends. Use agent name (filesystem loader) or pass an agent instance.
@@ -251,24 +317,8 @@ app = (
 ```
 
 
-## Credential URI cheatsheet (optional)
-
-If you prefer URIs instead of constructing services:
-
-- Google OAuth2: `oauth2-google://client_id:secret@scopes=openid,email,profile`
-- GitHub OAuth2: `oauth2-github://client_id:secret@scopes=user,repo`
-- Microsoft OAuth2: `oauth2-microsoft://<tenant>/<client_id>:<secret>@scopes=User.Read`
-- X OAuth2: `oauth2-x://client_id:secret@scopes=tweet.read,users.read`
-- JWT: `jwt://<secret>@algorithm=HS256&issuer=my-app&audience=api.example.com&expiration_minutes=60`
-- Basic: `basic-auth://username:password@realm=My%20API`
-
-```python
-cred = (
-    AdkBuilder()
-    .with_credential_service_uri("jwt://secret@issuer=my-app")
-    ._create_credential_service()
-)
-```
+<!-- Credential URI helpers removed. Use ADK’s BaseCredentialService directly if needed,
+     and handle inbound API authentication at FastAPI level. -->
 
 
 ## Notes & limitations

google_adk_extras-0.3.0.dist-info/RECORD

@@ -0,0 +1,37 @@
+google_adk_extras/__init__.py,sha256=deMaothLZ-UWkfMdfIV186oMu9ueatO1pT8mpBrJnw8,851
+google_adk_extras/adk_builder.py,sha256=Ax5e_NegGZcdb_xm4t4e18gpJjcR5ICn0Zefy6VuLh4,30068
+google_adk_extras/custom_agent_loader.py,sha256=e_sgA58RmDzCUHCySAi3Hruxumtozw3UScZV2vxlCbw,5991
+google_adk_extras/enhanced_adk_web_server.py,sha256=4QxTADlQv6oXaAEVMQc7-bpf84jCrTkN6pJC6R2jmww,5348
+google_adk_extras/enhanced_fastapi.py,sha256=xoWh9wibhxc48fEpLyQrkb2gB8Cas75_fwZzKWoRMic,28454
+google_adk_extras/enhanced_runner.py,sha256=b7O1a9-4S49LduILOEDs6IxjCI4w_E39sc-Hs4y3Rys,1410
+google_adk_extras/artifacts/__init__.py,sha256=_IsKDgf6wanWR0HXvSpK9SiLa3n5URKLtazkKyH1P-o,931
+google_adk_extras/artifacts/base_custom_artifact_service.py,sha256=O9rkc250B3yDRYbyDI0EvTrCKvnih5_DQas5OF-hRMY,9721
+google_adk_extras/artifacts/local_folder_artifact_service.py,sha256=7oepQIHYimXxSjGl3-i1HgZ595H9hZWa3OptsMeyqgU,12509
+google_adk_extras/artifacts/mongo_artifact_service.py,sha256=K46Ycl7gkzCbCweVL0GrWsFxCcJ3T7JnE9gpIamfd6Y,7099
+google_adk_extras/artifacts/s3_artifact_service.py,sha256=inIc2KL3OdIQGkCA_HYJE0ZfGFQ3YcX_SFZEFVUb0T8,15655
+google_adk_extras/artifacts/sql_artifact_service.py,sha256=OovKSzM0nib2c-pzkv7NYyiHi8kFK-k3SFOMi92U4Mk,11980
+google_adk_extras/auth/__init__.py,sha256=PQQmFAjOPrt9tAGHOtQC-_U7fpRd8Dt_vh973b2pSnc,202
+google_adk_extras/auth/attach.py,sha256=eEnT7vvsb0ZQUKQI8ijgIziTrRTiyc1aPV0LwXBWtmU,10020
+google_adk_extras/auth/config.py,sha256=JGJefyExVG3QFjmAkgTT-yaMivCvkOs4E7HwMlqVES0,1573
+google_adk_extras/auth/jwt_utils.py,sha256=sWIQWa1lGrottv6kzxo6cgTZFBa7J7wSa2-aJIVxfM8,1290
+google_adk_extras/auth/sql_store.py,sha256=-LouLrcT4gBBGrwG4kqbMyjVo1W1BbugPCKZUUFklWs,6693
+google_adk_extras/credentials/base_custom_credential_service.py,sha256=iYHacJAsZmDfpxLOPYx4tQpbtWTbwC75tRp6hlZFoSg,4014
+google_adk_extras/memory/__init__.py,sha256=2FFJXw9CZHctKXmCuc-lrdETeQ5xqdivy3oarHJz5gs,994
+google_adk_extras/memory/base_custom_memory_service.py,sha256=TRQMaXiRg2LXFwYZnFHoL-yBVtecuX1ownyPBJf6Xww,3613
+google_adk_extras/memory/mongo_memory_service.py,sha256=toXp7lg0el247zxY8HURY_7VxoaAPViZKnbvLCUxdWU,6747
+google_adk_extras/memory/redis_memory_service.py,sha256=P6vYvP8gv6kCH1lRB0SQld3mzS_JVKMUDtKifXDfu38,7400
+google_adk_extras/memory/sql_memory_service.py,sha256=cvAOsBZCFN3ruj0weuwvihgAnnvRJMO6HYMZX58rG9k,10760
+google_adk_extras/memory/yaml_file_memory_service.py,sha256=yx-nPqxXWxg9RI4OiwMAbdXs-eX1nBb1LzSWvib28S0,9909
+google_adk_extras/sessions/__init__.py,sha256=VgHyPULLzjJD7ShsyABz98rWVND0mOoM6qX74MrTJwA,915
+google_adk_extras/sessions/base_custom_session_service.py,sha256=npwrSNAtgqN6K7C8e4idiWkFNr_3pcOAiFYpGXu3NnI,8912
+google_adk_extras/sessions/mongo_session_service.py,sha256=Wo_dnsbnEex5rWeGOj5RABRhMICeaa4x--QBJPSur-4,8317
+google_adk_extras/sessions/redis_session_service.py,sha256=0G4yHWCngZz5w3UnQEigHXhgAqwttE8BTTYiDA1Hl7c,10428
+google_adk_extras/sessions/sql_session_service.py,sha256=TaOeEVWnwQ_8nvDZBW7e3qhzR_ecuGsjvZ_kh6Guq8g,14558
+google_adk_extras/sessions/yaml_file_session_service.py,sha256=g65ptJWAMVN4XQmCxQ0UwnSC2GU1NJ6QRvrwfzSK_xo,11797
+google_adk_extras/streaming/__init__.py,sha256=rcjmlCJHTlvUiCrx6qNGw5ObCnEtfENkGTvzfEiGL0M,461
+google_adk_extras/streaming/streaming_controller.py,sha256=Z72k5QgvWBIU2YP8iXlc3D3oWxDYWJo9eygj_KzALYA,10489
+google_adk_extras-0.3.0.dist-info/licenses/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358
+google_adk_extras-0.3.0.dist-info/METADATA,sha256=EX-DwXDezDXZVSLkGwTb36T-4pS_DWQgXRmCPDx5Gcw,12867
+google_adk_extras-0.3.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+google_adk_extras-0.3.0.dist-info/top_level.txt,sha256=DDWgVkz8G8ihPzznxAWyKa2jgJW3F6Fwy__qMddoKTs,18
+google_adk_extras-0.3.0.dist-info/RECORD,,

google_adk_extras/credentials/__init__.py

@@ -1,34 +0,0 @@
-"""Custom credential service implementations for Google ADK.
-
-Optional services are imported lazily to avoid import-time failures when
-their third-party dependencies are not installed.
-"""
-
-from .base_custom_credential_service import BaseCustomCredentialService
-from .google_oauth2_credential_service import GoogleOAuth2CredentialService
-from .github_oauth2_credential_service import GitHubOAuth2CredentialService
-from .microsoft_oauth2_credential_service import MicrosoftOAuth2CredentialService
-from .x_oauth2_credential_service import XOAuth2CredentialService
-from .http_basic_auth_credential_service import (
-    HTTPBasicAuthCredentialService,
-    HTTPBasicAuthWithCredentialsService,
-)
-
-# Optional: JWT (requires PyJWT)
-try:
-    from .jwt_credential_service import JWTCredentialService  # type: ignore
-except Exception:  # ImportError or transitive import errors
-    JWTCredentialService = None  # type: ignore
-
-__all__ = [
-    "BaseCustomCredentialService",
-    "GoogleOAuth2CredentialService",
-    "GitHubOAuth2CredentialService",
-    "MicrosoftOAuth2CredentialService",
-    "XOAuth2CredentialService",
-    "HTTPBasicAuthCredentialService",
-    "HTTPBasicAuthWithCredentialsService",
-]
-
-if JWTCredentialService is not None:
-    __all__.append("JWTCredentialService")

google_adk_extras/credentials/github_oauth2_credential_service.py

@@ -1,213 +0,0 @@
-"""GitHub OAuth2 credential service implementation."""
-
-from typing import Optional, List
-import logging
-
-from google.adk.auth.credential_service.session_state_credential_service import SessionStateCredentialService
-from google.adk.auth.credential_service.base_credential_service import CallbackContext
-from google.adk.auth import AuthConfig, AuthCredential, AuthCredentialTypes
-from google.adk.auth.auth_credential import OAuth2Auth
-from fastapi.openapi.models import OAuth2
-from fastapi.openapi.models import OAuthFlowAuthorizationCode, OAuthFlows
-
-from .base_custom_credential_service import BaseCustomCredentialService
-
-logger = logging.getLogger(__name__)
-
-
-class GitHubOAuth2CredentialService(BaseCustomCredentialService):
-    """GitHub OAuth2 credential service for handling GitHub authentication flows.
-    
-    This service provides pre-configured OAuth2 flows for GitHub APIs including
-    repository access, user information, and organization management.
-    
-    Args:
-        client_id: The GitHub OAuth2 client ID from GitHub Developer Settings.
-        client_secret: The GitHub OAuth2 client secret from GitHub Developer Settings.
-        scopes: List of OAuth2 scopes to request. Common scopes include:
-            - "user" - Access to user profile information
-            - "user:email" - Access to user email addresses
-            - "repo" - Full access to repositories
-            - "public_repo" - Access to public repositories only
-            - "admin:org" - Full access to organization data
-            - "read:org" - Read access to organization data
-            - "notifications" - Access to notifications
-        use_session_state: If True, stores credentials in session state. If False,
-            uses in-memory storage. Default is True for persistence.
-    
-    Example:
-        ```python
-        credential_service = GitHubOAuth2CredentialService(
-            client_id="your-github-client-id",
-            client_secret="your-github-client-secret", 
-            scopes=["user", "repo", "read:org"]
-        )
-        await credential_service.initialize()
-        
-        # Use with Runner
-        runner = Runner(
-            agent=agent,
-            session_service=session_service,
-            credential_service=credential_service,
-            app_name="my_app"
-        )
-        ```
-    """
-
-    # GitHub OAuth2 endpoints
-    GITHUB_AUTH_URL = "https://github.com/login/oauth/authorize"
-    GITHUB_TOKEN_URL = "https://github.com/login/oauth/access_token"
-    
-    # Common GitHub OAuth2 scopes
-    COMMON_SCOPES = {
-        "user": "Access to user profile information",
-        "user:email": "Access to user email addresses", 
-        "user:follow": "Access to follow/unfollow users",
-        "repo": "Full access to public and private repositories",
-        "public_repo": "Access to public repositories only",
-        "repo:status": "Access to commit status",
-        "repo_deployment": "Access to deployment status",
-        "admin:org": "Full control of orgs and teams, read/write org projects",
-        "write:org": "Read and write access to organization membership and projects",
-        "read:org": "Read-only access to organization membership and projects",
-        "admin:public_key": "Full control of user public keys",
-        "write:public_key": "Write access to user public keys",
-        "read:public_key": "Read access to user public keys",
-        "admin:repo_hook": "Full control of repository hooks",
-        "write:repo_hook": "Write access to repository hooks",
-        "read:repo_hook": "Read access to repository hooks",
-        "admin:org_hook": "Full control of organization hooks",
-        "gist": "Write access to gists",
-        "notifications": "Access to notifications",
-        "delete_repo": "Delete repositories",
-        "write:packages": "Upload packages to GitHub Package Registry",
-        "read:packages": "Download packages from GitHub Package Registry",
-        "workflow": "Update GitHub Action workflows"
-    }
-
-    def __init__(
-        self,
-        client_id: str,
-        client_secret: str,
-        scopes: Optional[List[str]] = None,
-        use_session_state: bool = True
-    ):
-        """Initialize the GitHub OAuth2 credential service.
-        
-        Args:
-            client_id: GitHub OAuth2 client ID.
-            client_secret: GitHub OAuth2 client secret.
-            scopes: List of OAuth2 scopes to request.
-            use_session_state: Whether to use session state for credential storage.
-        """
-        super().__init__()
-        self.client_id = client_id
-        self.client_secret = client_secret
-        self.scopes = scopes or ["user", "repo"]
-        self.use_session_state = use_session_state
-        
-        # Underlying credential service for storage
-        if use_session_state:
-            self._storage_service = SessionStateCredentialService()
-        else:
-            from google.adk.auth.credential_service.in_memory_credential_service import InMemoryCredentialService
-            self._storage_service = InMemoryCredentialService()
-
-    async def _initialize_impl(self) -> None:
-        """Initialize the GitHub OAuth2 credential service.
-        
-        Validates the client credentials and sets up the OAuth2 auth scheme.
-        
-        Raises:
-            ValueError: If client_id or client_secret is missing.
-        """
-        if not self.client_id:
-            raise ValueError("GitHub OAuth2 client_id is required")
-        if not self.client_secret:
-            raise ValueError("GitHub OAuth2 client_secret is required")
-        if not self.scopes:
-            raise ValueError("At least one OAuth2 scope is required")
-            
-        # Validate scopes against known GitHub scopes
-        unknown_scopes = set(self.scopes) - set(self.COMMON_SCOPES.keys())
-        if unknown_scopes:
-            logger.warning(f"Unknown GitHub OAuth2 scopes: {unknown_scopes}")
-            
-        logger.info(f"Initialized GitHub OAuth2 credential service with scopes: {self.scopes}")
-
-    def create_auth_config(self) -> AuthConfig:
-        """Create an AuthConfig for GitHub OAuth2 authentication.
-        
-        Returns:
-            AuthConfig: Configured auth config for GitHub OAuth2 flow.
-        """
-        self._check_initialized()
-        
-        # Create OAuth2 auth scheme
-        auth_scheme = OAuth2(
-            flows=OAuthFlows(
-                authorizationCode=OAuthFlowAuthorizationCode(
-                    authorizationUrl=self.GITHUB_AUTH_URL,
-                    tokenUrl=self.GITHUB_TOKEN_URL,
-                    scopes={
-                        scope: self.COMMON_SCOPES.get(scope, f"GitHub scope: {scope}")
-                        for scope in self.scopes
-                    }
-                )
-            )
-        )
-        
-        # Create OAuth2 credential
-        auth_credential = AuthCredential(
-            auth_type=AuthCredentialTypes.OAUTH2,
-            oauth2=OAuth2Auth(
-                client_id=self.client_id,
-                client_secret=self.client_secret
-            )
-        )
-        
-        return AuthConfig(
-            auth_scheme=auth_scheme,
-            raw_auth_credential=auth_credential
-        )
-
-    async def load_credential(
-        self,
-        auth_config: AuthConfig,
-        callback_context: CallbackContext,
-    ) -> Optional[AuthCredential]:
-        """Load GitHub OAuth2 credential from storage.
-        
-        Args:
-            auth_config: The auth config containing credential key information.
-            callback_context: The current callback context.
-            
-        Returns:
-            Optional[AuthCredential]: The stored credential or None if not found.
-        """
-        self._check_initialized()
-        return await self._storage_service.load_credential(auth_config, callback_context)
-
-    async def save_credential(
-        self,
-        auth_config: AuthConfig,
-        callback_context: CallbackContext,
-    ) -> None:
-        """Save GitHub OAuth2 credential to storage.
-        
-        Args:
-            auth_config: The auth config containing the credential to save.
-            callback_context: The current callback context.
-        """
-        self._check_initialized()
-        await self._storage_service.save_credential(auth_config, callback_context)
-        
-        logger.info(f"Saved GitHub OAuth2 credential for user {callback_context._invocation_context.user_id}")
-
-    def get_supported_scopes(self) -> dict:
-        """Get dictionary of supported GitHub OAuth2 scopes and their descriptions.
-        
-        Returns:
-            dict: Mapping of scope names to descriptions.
-        """
-        return self.COMMON_SCOPES.copy()