google-adk 1.4.0__py3-none-any.whl → 1.4.2__py3-none-any.whl

google/adk/a2a/converters/event_converter.py

@@ -0,0 +1,382 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+
+import datetime
+import logging
+from typing import Any
+from typing import Dict
+from typing import List
+from typing import Optional
+import uuid
+
+from a2a.server.events import Event as A2AEvent
+from a2a.types import Artifact
+from a2a.types import DataPart
+from a2a.types import Message
+from a2a.types import Role
+from a2a.types import TaskArtifactUpdateEvent
+from a2a.types import TaskState
+from a2a.types import TaskStatus
+from a2a.types import TaskStatusUpdateEvent
+from a2a.types import TextPart
+
+from ...agents.invocation_context import InvocationContext
+from ...events.event import Event
+from ...utils.feature_decorator import working_in_progress
+from .part_converter import A2A_DATA_PART_METADATA_TYPE_FUNCTION_CALL
+from .part_converter import A2A_DATA_PART_METADATA_TYPE_KEY
+from .part_converter import convert_genai_part_to_a2a_part
+from .utils import _get_adk_metadata_key
+
+# Constants
+
+ARTIFACT_ID_SEPARATOR = "-"
+DEFAULT_ERROR_MESSAGE = "An error occurred during processing"
+
+# Logger
+logger = logging.getLogger("google_adk." + __name__)
+
+
+def _serialize_metadata_value(value: Any) -> str:
+  """Safely serializes metadata values to string format.
+
+  Args:
+    value: The value to serialize.
+
+  Returns:
+    String representation of the value.
+  """
+  if hasattr(value, "model_dump"):
+    try:
+      return value.model_dump(exclude_none=True, by_alias=True)
+    except Exception as e:
+      logger.warning("Failed to serialize metadata value: %s", e)
+      return str(value)
+  return str(value)
+
+
+def _get_context_metadata(
+    event: Event, invocation_context: InvocationContext
+) -> Dict[str, str]:
+  """Gets the context metadata for the event.
+
+  Args:
+    event: The ADK event to extract metadata from.
+    invocation_context: The invocation context containing session information.
+
+  Returns:
+    A dictionary containing the context metadata.
+
+  Raises:
+    ValueError: If required fields are missing from event or context.
+  """
+  if not event:
+    raise ValueError("Event cannot be None")
+  if not invocation_context:
+    raise ValueError("Invocation context cannot be None")
+
+  try:
+    metadata = {
+        _get_adk_metadata_key("app_name"): invocation_context.app_name,
+        _get_adk_metadata_key("user_id"): invocation_context.user_id,
+        _get_adk_metadata_key("session_id"): invocation_context.session.id,
+        _get_adk_metadata_key("invocation_id"): event.invocation_id,
+        _get_adk_metadata_key("author"): event.author,
+    }
+
+    # Add optional metadata fields if present
+    optional_fields = [
+        ("branch", event.branch),
+        ("grounding_metadata", event.grounding_metadata),
+        ("custom_metadata", event.custom_metadata),
+        ("usage_metadata", event.usage_metadata),
+        ("error_code", event.error_code),
+    ]
+
+    for field_name, field_value in optional_fields:
+      if field_value is not None:
+        metadata[_get_adk_metadata_key(field_name)] = _serialize_metadata_value(
+            field_value
+        )
+
+    return metadata
+
+  except Exception as e:
+    logger.error("Failed to create context metadata: %s", e)
+    raise
+
+
+def _create_artifact_id(
+    app_name: str, user_id: str, session_id: str, filename: str, version: int
+) -> str:
+  """Creates a unique artifact ID.
+
+  Args:
+    app_name: The application name.
+    user_id: The user ID.
+    session_id: The session ID.
+    filename: The artifact filename.
+    version: The artifact version.
+
+  Returns:
+    A unique artifact ID string.
+  """
+  components = [app_name, user_id, session_id, filename, str(version)]
+  return ARTIFACT_ID_SEPARATOR.join(components)
+
+
+def _convert_artifact_to_a2a_events(
+    event: Event,
+    invocation_context: InvocationContext,
+    filename: str,
+    version: int,
+) -> TaskArtifactUpdateEvent:
+  """Converts a new artifact version to an A2A TaskArtifactUpdateEvent.
+
+  Args:
+    event: The ADK event containing the artifact information.
+    invocation_context: The invocation context.
+    filename: The name of the artifact file.
+    version: The version number of the artifact.
+
+  Returns:
+    A TaskArtifactUpdateEvent representing the artifact update.
+
+  Raises:
+    ValueError: If required parameters are invalid.
+    RuntimeError: If artifact loading fails.
+  """
+  if not filename:
+    raise ValueError("Filename cannot be empty")
+  if version < 0:
+    raise ValueError("Version must be non-negative")
+
+  try:
+    artifact_part = invocation_context.artifact_service.load_artifact(
+        app_name=invocation_context.app_name,
+        user_id=invocation_context.user_id,
+        session_id=invocation_context.session.id,
+        filename=filename,
+        version=version,
+    )
+
+    converted_part = convert_genai_part_to_a2a_part(part=artifact_part)
+    if not converted_part:
+      raise RuntimeError(f"Failed to convert artifact part for {filename}")
+
+    artifact_id = _create_artifact_id(
+        invocation_context.app_name,
+        invocation_context.user_id,
+        invocation_context.session.id,
+        filename,
+        version,
+    )
+
+    return TaskArtifactUpdateEvent(
+        taskId=str(uuid.uuid4()),
+        append=False,
+        contextId=invocation_context.session.id,
+        lastChunk=True,
+        artifact=Artifact(
+            artifactId=artifact_id,
+            name=filename,
+            metadata={
+                "filename": filename,
+                "version": version,
+            },
+            parts=[converted_part],
+        ),
+    )
+  except Exception as e:
+    logger.error(
+        "Failed to convert artifact for %s, version %s: %s",
+        filename,
+        version,
+        e,
+    )
+    raise RuntimeError(f"Artifact conversion failed: {e}") from e
+
+
+def _process_long_running_tool(a2a_part, event: Event) -> None:
+  """Processes long-running tool metadata for an A2A part.
+
+  Args:
+    a2a_part: The A2A part to potentially mark as long-running.
+    event: The ADK event containing long-running tool information.
+  """
+  if (
+      isinstance(a2a_part.root, DataPart)
+      and event.long_running_tool_ids
+      and a2a_part.root.metadata.get(
+          _get_adk_metadata_key(A2A_DATA_PART_METADATA_TYPE_KEY)
+      )
+      == A2A_DATA_PART_METADATA_TYPE_FUNCTION_CALL
+      and a2a_part.root.metadata.get("id") in event.long_running_tool_ids
+  ):
+    a2a_part.root.metadata[_get_adk_metadata_key("is_long_running")] = True
+
+
+@working_in_progress
+def convert_event_to_a2a_status_message(
+    event: Event, invocation_context: InvocationContext
+) -> Optional[Message]:
+  """Converts an ADK event to an A2A message.
+
+  Args:
+    event: The ADK event to convert.
+    invocation_context: The invocation context.
+
+  Returns:
+    An A2A Message if the event has content, None otherwise.
+
+  Raises:
+    ValueError: If required parameters are invalid.
+  """
+  if not event:
+    raise ValueError("Event cannot be None")
+  if not invocation_context:
+    raise ValueError("Invocation context cannot be None")
+
+  if not event.content or not event.content.parts:
+    return None
+
+  try:
+    a2a_parts = []
+    for part in event.content.parts:
+      a2a_part = convert_genai_part_to_a2a_part(part)
+      if a2a_part:
+        a2a_parts.append(a2a_part)
+        _process_long_running_tool(a2a_part, event)
+
+    if a2a_parts:
+      return Message(
+          messageId=str(uuid.uuid4()), role=Role.agent, parts=a2a_parts
+      )
+
+  except Exception as e:
+    logger.error("Failed to convert event to status message: %s", e)
+    raise
+
+  return None
+
+
+def _create_error_status_event(
+    event: Event, invocation_context: InvocationContext
+) -> TaskStatusUpdateEvent:
+  """Creates a TaskStatusUpdateEvent for error scenarios.
+
+  Args:
+    event: The ADK event containing error information.
+    invocation_context: The invocation context.
+
+  Returns:
+    A TaskStatusUpdateEvent with FAILED state.
+  """
+  error_message = getattr(event, "error_message", None) or DEFAULT_ERROR_MESSAGE
+
+  return TaskStatusUpdateEvent(
+      taskId=str(uuid.uuid4()),
+      contextId=invocation_context.session.id,
+      final=False,
+      metadata=_get_context_metadata(event, invocation_context),
+      status=TaskStatus(
+          state=TaskState.failed,
+          message=Message(
+              messageId=str(uuid.uuid4()),
+              role=Role.agent,
+              parts=[TextPart(text=error_message)],
+          ),
+          timestamp=datetime.datetime.now().isoformat(),
+      ),
+  )
+
+
+def _create_running_status_event(
+    message: Message, invocation_context: InvocationContext, event: Event
+) -> TaskStatusUpdateEvent:
+  """Creates a TaskStatusUpdateEvent for running scenarios.
+
+  Args:
+    message: The A2A message to include.
+    invocation_context: The invocation context.
+    event: The ADK event.
+
+  Returns:
+    A TaskStatusUpdateEvent with RUNNING state.
+  """
+  return TaskStatusUpdateEvent(
+      taskId=str(uuid.uuid4()),
+      contextId=invocation_context.session.id,
+      final=False,
+      status=TaskStatus(
+          state=TaskState.working,
+          message=message,
+          timestamp=datetime.datetime.now().isoformat(),
+      ),
+      metadata=_get_context_metadata(event, invocation_context),
+  )
+
+
+@working_in_progress
+def convert_event_to_a2a_events(
+    event: Event, invocation_context: InvocationContext
+) -> List[A2AEvent]:
+  """Converts a GenAI event to a list of A2A events.
+
+  Args:
+    event: The ADK event to convert.
+    invocation_context: The invocation context.
+
+  Returns:
+    A list of A2A events representing the converted ADK event.
+
+  Raises:
+    ValueError: If required parameters are invalid.
+  """
+  if not event:
+    raise ValueError("Event cannot be None")
+  if not invocation_context:
+    raise ValueError("Invocation context cannot be None")
+
+  a2a_events = []
+
+  try:
+    # Handle artifact deltas
+    if event.actions.artifact_delta:
+      for filename, version in event.actions.artifact_delta.items():
+        artifact_event = _convert_artifact_to_a2a_events(
+            event, invocation_context, filename, version
+        )
+        a2a_events.append(artifact_event)
+
+    # Handle error scenarios
+    if event.error_code:
+      error_event = _create_error_status_event(event, invocation_context)
+      a2a_events.append(error_event)
+
+    # Handle regular message content
+    message = convert_event_to_a2a_status_message(event, invocation_context)
+    if message:
+      running_event = _create_running_status_event(
+          message, invocation_context, event
+      )
+      a2a_events.append(running_event)
+
+  except Exception as e:
+    logger.error("Failed to convert event to A2A events: %s", e)
+    raise
+
+  return a2a_events

google/adk/a2a/converters/part_converter.py

@@ -20,9 +20,22 @@ from __future__ import annotations
 
 import json
 import logging
+import sys
 from typing import Optional
 
-from a2a import types as a2a_types
+from .utils import _get_adk_metadata_key
+
+try:
+  from a2a import types as a2a_types
+except ImportError as e:
+  if sys.version_info < (3, 10):
+    raise ImportError(
+        'A2A Tool requires Python 3.10 or above. Please upgrade your Python'
+        ' version.'
+    ) from e
+  else:
+    raise e
+
 from google.genai import types as genai_types
 
 from ...utils.feature_decorator import working_in_progress
@@ -73,7 +86,7 @@ def convert_a2a_part_to_genai_part(
     # logic accordinlgy
     if part.metadata and A2A_DATA_PART_METADATA_TYPE_KEY in part.metadata:
       if (
-          part.metadata[A2A_DATA_PART_METADATA_TYPE_KEY]
+          part.metadata[_get_adk_metadata_key(A2A_DATA_PART_METADATA_TYPE_KEY)]
           == A2A_DATA_PART_METADATA_TYPE_FUNCTION_CALL
       ):
         return genai_types.Part(
@@ -82,7 +95,7 @@ def convert_a2a_part_to_genai_part(
             )
         )
       if (
-          part.metadata[A2A_DATA_PART_METADATA_TYPE_KEY]
+          part.metadata[_get_adk_metadata_key(A2A_DATA_PART_METADATA_TYPE_KEY)]
           == A2A_DATA_PART_METADATA_TYPE_FUNCTION_RESPONSE
       ):
         return genai_types.Part(

google/adk/a2a/converters/utils.py

@@ -0,0 +1,34 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import annotations
+
+ADK_METADATA_KEY_PREFIX = "adk_"
+
+
+def _get_adk_metadata_key(key: str) -> str:
+  """Gets the A2A event metadata key for the given key.
+
+  Args:
+    key: The metadata key to prefix.
+
+  Returns:
+    The prefixed metadata key.
+
+  Raises:
+    ValueError: If key is empty or None.
+  """
+  if not key:
+    raise ValueError("Metadata key cannot be empty or None")
+  return f"{ADK_METADATA_KEY_PREFIX}{key}"

google/adk/auth/auth_credential.py

@@ -230,4 +230,3 @@ class AuthCredential(BaseModelWithConfig):
   http: Optional[HttpAuth] = None
   service_account: Optional[ServiceAccount] = None
   oauth2: Optional[OAuth2Auth] = None
-  google_oauth2_json: Optional[str] = None

google/adk/auth/credential_manager.py

@@ -76,11 +76,7 @@ class CredentialManager:
     self._refresher_registry = CredentialRefresherRegistry()
 
     # Register default exchangers and refreshers
-    from .exchanger.service_account_credential_exchanger import ServiceAccountCredentialExchanger
-
-    self._exchanger_registry.register(
-        AuthCredentialTypes.SERVICE_ACCOUNT, ServiceAccountCredentialExchanger()
-    )
+    # TODO: support service account credential exchanger
     from .refresher.oauth2_credential_refresher import OAuth2CredentialRefresher
 
     oauth2_refresher = OAuth2CredentialRefresher()

google/adk/auth/exchanger/__init__.py

@@ -15,9 +15,7 @@
 """Credential exchanger module."""
 
 from .base_credential_exchanger import BaseCredentialExchanger
-from .service_account_credential_exchanger import ServiceAccountCredentialExchanger
 
 __all__ = [
     "BaseCredentialExchanger",
-    "ServiceAccountCredentialExchanger",
 ]

google/adk/auth/refresher/oauth2_credential_refresher.py

@@ -60,27 +60,12 @@ class OAuth2CredentialRefresher(BaseCredentialRefresher):
     Returns:
         True if the credential needs to be refreshed, False otherwise.
     """
-    # Handle Google OAuth2 credentials (from service account exchange)
-    if auth_credential.google_oauth2_json:
-      try:
-        google_credential = Credentials.from_authorized_user_info(
-            json.loads(auth_credential.google_oauth2_json)
-        )
-        return google_credential.expired and bool(
-            google_credential.refresh_token
-        )
-      except Exception as e:
-        logger.warning("Failed to parse Google OAuth2 JSON credential: %s", e)
-        return False
 
     # Handle regular OAuth2 credentials
-    elif auth_credential.oauth2 and auth_scheme:
+    if auth_credential.oauth2:
       if not AUTHLIB_AVIALABLE:
         return False
 
-      if not auth_credential.oauth2:
-        return False
-
       return OAuth2Token({
           "expires_at": auth_credential.oauth2.expires_at,
           "expires_in": auth_credential.oauth2.expires_in,
@@ -105,22 +90,9 @@ class OAuth2CredentialRefresher(BaseCredentialRefresher):
         The refreshed credential.
 
     """
-    # Handle Google OAuth2 credentials (from service account exchange)
-    if auth_credential.google_oauth2_json:
-      try:
-        google_credential = Credentials.from_authorized_user_info(
-            json.loads(auth_credential.google_oauth2_json)
-        )
-        if google_credential.expired and google_credential.refresh_token:
-          google_credential.refresh(Request())
-          auth_credential.google_oauth2_json = google_credential.to_json()
-          logger.info("Successfully refreshed Google OAuth2 JSON credential")
-      except Exception as e:
-        # TODO reconsider whether we should raise error when refresh failed.
-        logger.error("Failed to refresh Google OAuth2 JSON credential: %s", e)
 
     # Handle regular OAuth2 credentials
-    elif auth_credential.oauth2 and auth_scheme:
+    if auth_credential.oauth2 and auth_scheme:
       if not AUTHLIB_AVIALABLE:
         return auth_credential
 

google/adk/flows/llm_flows/functions.py

@@ -288,8 +288,7 @@ async def handle_function_calls_live(
       trace_tool_call(
           tool=tool,
           args=function_args,
-          response_event_id=function_response_event.id,
-          function_response=function_response,
+          function_response_event=function_response_event,
       )
       function_response_events.append(function_response_event)
 

google/adk/sessions/vertex_ai_session_service.py

@@ -14,6 +14,7 @@
 from __future__ import annotations
 
 import asyncio
+import json
 import logging
 import re
 from typing import Any
@@ -87,6 +88,7 @@ class VertexAiSessionService(BaseSessionService):
         path=f'reasoningEngines/{reasoning_engine_id}/sessions',
         request_dict=session_json_dict,
     )
+    api_response = _convert_api_response(api_response)
     logger.info(f'Create Session response {api_response}')
 
     session_id = api_response['name'].split('/')[-3]
@@ -100,6 +102,7 @@ class VertexAiSessionService(BaseSessionService):
           path=f'operations/{operation_id}',
           request_dict={},
       )
+      lro_response = _convert_api_response(lro_response)
 
       if lro_response.get('done', None):
         break
@@ -118,6 +121,7 @@ class VertexAiSessionService(BaseSessionService):
         path=f'reasoningEngines/{reasoning_engine_id}/sessions/{session_id}',
         request_dict={},
     )
+    get_session_api_response = _convert_api_response(get_session_api_response)
 
     update_timestamp = isoparse(
         get_session_api_response['updateTime']
@@ -149,6 +153,7 @@ class VertexAiSessionService(BaseSessionService):
         path=f'reasoningEngines/{reasoning_engine_id}/sessions/{session_id}',
         request_dict={},
     )
+    get_session_api_response = _convert_api_response(get_session_api_response)
 
     session_id = get_session_api_response['name'].split('/')[-1]
     update_timestamp = isoparse(
@@ -167,9 +172,12 @@ class VertexAiSessionService(BaseSessionService):
         path=f'reasoningEngines/{reasoning_engine_id}/sessions/{session_id}/events',
         request_dict={},
     )
+    list_events_api_response = _convert_api_response(list_events_api_response)
 
     # Handles empty response case
-    if list_events_api_response.get('httpHeaders', None):
+    if not list_events_api_response or list_events_api_response.get(
+        'httpHeaders', None
+    ):
       return session
 
     session.events += [
@@ -226,9 +234,10 @@ class VertexAiSessionService(BaseSessionService):
         path=path,
         request_dict={},
     )
+    api_response = _convert_api_response(api_response)
 
     # Handles empty response case
-    if api_response.get('httpHeaders', None):
+    if not api_response or api_response.get('httpHeaders', None):
       return ListSessionsResponse()
 
     sessions = []
@@ -303,6 +312,13 @@ class VertexAiSessionService(BaseSessionService):
     return client._api_client
 
 
+def _convert_api_response(api_response):
+  """Converts the API response to a JSON object based on the type."""
+  if hasattr(api_response, 'body'):
+    return json.loads(api_response.body)
+  return api_response
+
+
 def _convert_event_to_json(event: Event) -> Dict[str, Any]:
   metadata_json = {
       'partial': event.partial,

google/adk/tools/bigquery/bigquery_credentials.py

@@ -21,9 +21,10 @@ from typing import Optional
 from fastapi.openapi.models import OAuth2
 from fastapi.openapi.models import OAuthFlowAuthorizationCode
 from fastapi.openapi.models import OAuthFlows
+import google.auth.credentials
 from google.auth.exceptions import RefreshError
 from google.auth.transport.requests import Request
-from google.oauth2.credentials import Credentials
+import google.oauth2.credentials
 from pydantic import BaseModel
 from pydantic import model_validator
 
@@ -40,26 +41,35 @@ BIGQUERY_DEFAULT_SCOPE = ["https://www.googleapis.com/auth/bigquery"]
 
 @experimental
 class BigQueryCredentialsConfig(BaseModel):
-  """Configuration for Google API tools. (Experimental)"""
+  """Configuration for Google API tools (Experimental).
+
+  Please do not use this in production, as it may be deprecated later.
+  """
 
   # Configure the model to allow arbitrary types like Credentials
   model_config = {"arbitrary_types_allowed": True}
 
-  credentials: Optional[Credentials] = None
-  """the existing oauth credentials to use. If set,this credential will be used
+  credentials: Optional[google.auth.credentials.Credentials] = None
+  """The existing auth credentials to use. If set, this credential will be used
   for every end user, end users don't need to be involved in the oauthflow. This
   field is mutually exclusive with client_id, client_secret and scopes.
   Don't set this field unless you are sure this credential has the permission to
   access every end user's data.
 
-  Example usage: when the agent is deployed in Google Cloud environment and
+  Example usage 1: When the agent is deployed in Google Cloud environment and
   the service account (used as application default credentials) has access to
   all the required BigQuery resource. Setting this credential to allow user to
   access the BigQuery resource without end users going through oauth flow.
 
-  To get application default credential: `google.auth.default(...)`. See more
+  To get application default credential, use: `google.auth.default(...)`. See more
   details in https://cloud.google.com/docs/authentication/application-default-credentials.
 
+  Example usage 2: When the agent wants to access the user's BigQuery resources
+  using the service account key credentials.
+
+  To load service account key credentials, use: `google.auth.load_credentials_from_file(...)`.
+  See more details in https://cloud.google.com/iam/docs/service-account-creds#user-managed-keys.
+
   When the deployed environment cannot provide a pre-existing credential,
   consider setting below client_id, client_secret and scope for end users to go
   through oauth flow, so that agent can access the user data.
@@ -86,7 +96,9 @@ class BigQueryCredentialsConfig(BaseModel):
           " client_id/client_secret/scopes."
       )
 
-    if self.credentials:
+    if self.credentials and isinstance(
+        self.credentials, google.oauth2.credentials.Credentials
+    ):
       self.client_id = self.credentials.client_id
       self.client_secret = self.credentials.client_secret
       self.scopes = self.credentials.scopes
@@ -115,7 +127,7 @@ class BigQueryCredentialsManager:
 
   async def get_valid_credentials(
       self, tool_context: ToolContext
-  ) -> Optional[Credentials]:
+  ) -> Optional[google.auth.credentials.Credentials]:
     """Get valid credentials, handling refresh and OAuth flow as needed.
 
     Args:
@@ -127,7 +139,7 @@ class BigQueryCredentialsManager:
     # First, try to get credentials from the tool context
     creds_json = tool_context.state.get(BIGQUERY_TOKEN_CACHE_KEY, None)
     creds = (
-        Credentials.from_authorized_user_info(
+        google.oauth2.credentials.Credentials.from_authorized_user_info(
             json.loads(creds_json), self.credentials_config.scopes
         )
         if creds_json
@@ -138,6 +150,11 @@ class BigQueryCredentialsManager:
     if not creds:
       creds = self.credentials_config.credentials
 
+    # If non-oauth credentials are provided then use them as is. This helps
+    # in flows such as service account keys
+    if creds and not isinstance(creds, google.oauth2.credentials.Credentials):
+      return creds
+
     # Check if we have valid credentials
     if creds and creds.valid:
       return creds
@@ -159,7 +176,7 @@ class BigQueryCredentialsManager:
 
   async def _perform_oauth_flow(
       self, tool_context: ToolContext
-  ) -> Optional[Credentials]:
+  ) -> Optional[google.oauth2.credentials.Credentials]:
     """Perform OAuth flow to get new credentials.
 
     Args:
@@ -199,7 +216,7 @@ class BigQueryCredentialsManager:
 
     if auth_response:
       # OAuth flow completed, create credentials
-      creds = Credentials(
+      creds = google.oauth2.credentials.Credentials(
           token=auth_response.oauth2.access_token,
           refresh_token=auth_response.oauth2.refresh_token,
           token_uri=auth_scheme.flows.authorizationCode.tokenUrl,

google/adk/tools/bigquery/bigquery_tool.py

@@ -19,7 +19,7 @@ from typing import Any
 from typing import Callable
 from typing import Optional
 
-from google.oauth2.credentials import Credentials
+from google.auth.credentials import Credentials
 from typing_extensions import override
 
 from ...utils.feature_decorator import experimental

google/adk/tools/bigquery/client.py

@@ -15,8 +15,8 @@
 from __future__ import annotations
 
 import google.api_core.client_info
+from google.auth.credentials import Credentials
 from google.cloud import bigquery
-from google.oauth2.credentials import Credentials
 
 from ... import version
 

google/adk/tools/bigquery/metadata_tool.py

@@ -12,8 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from google.auth.credentials import Credentials
 from google.cloud import bigquery
-from google.oauth2.credentials import Credentials
 
 from . import client
 

google/adk/tools/bigquery/query_tool.py

@@ -16,8 +16,8 @@ import functools
 import types
 from typing import Callable
 
+from google.auth.credentials import Credentials
 from google.cloud import bigquery
-from google.oauth2.credentials import Credentials
 
 from . import client
 from .config import BigQueryToolConfig

google/adk/tools/mcp_tool/mcp_tool.py

@@ -138,11 +138,6 @@ class MCPTool(BaseAuthenticatedTool):
     if credential:
       if credential.oauth2:
         headers = {"Authorization": f"Bearer {credential.oauth2.access_token}"}
-      elif credential.google_oauth2_json:
-        google_credential = Credentials.from_authorized_user_info(
-            json.loads(credential.google_oauth2_json)
-        )
-        headers = {"Authorization": f"Bearer {google_credential.token}"}
       elif credential.http:
         # Handle HTTP authentication schemes
         if (
@@ -178,10 +173,9 @@ class MCPTool(BaseAuthenticatedTool):
         headers = {"X-API-Key": credential.api_key}
       elif credential.service_account:
         # Service accounts should be exchanged for access tokens before reaching this point
-        # If we reach here, we can try to use google_oauth2_json or log a warning
         logger.warning(
-            "Service account credentials should be exchanged for access"
-            " tokens before MCP session creation"
+            "Service account credentials should be exchanged before MCP"
+            " session creation"
         )
 
     return headers

google/adk/tools/openapi_tool/openapi_spec_parser/tool_auth_handler.py

@@ -233,7 +233,6 @@ class ToolAuthHandler:
             AuthCredentialTypes.OPEN_ID_CONNECT,
         )
         and not credential.oauth2.access_token
-        and not credential.google_oauth2_json
     )
 
   async def prepare_auth_credentials(

google/adk/version.py

@@ -13,4 +13,4 @@
 # limitations under the License.
 
 # version: major.minor.patch
-__version__ = "1.4.0"
+__version__ = "1.4.2"

{google_adk-1.4.0.dist-info → google_adk-1.4.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: google-adk
-Version: 1.4.0
+Version: 1.4.2
 Summary: Agent Development Kit
 Author-email: Google LLC <googleapis-packages@google.com>
 Requires-Python: >=3.9

{google_adk-1.4.0.dist-info → google_adk-1.4.2.dist-info}/RECORD

@@ -2,10 +2,12 @@ google/adk/__init__.py,sha256=sSPQK3r0tW8ahl-k8SXkZvMcbiTbGICCtrw6KkFucyg,726
 google/adk/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 google/adk/runners.py,sha256=Tqv3HrulZGBO5YZ9bNbtAihDl-SsPv1SnW5nzUBRfZs,18558
 google/adk/telemetry.py,sha256=0ZHioyg4GD-A4xd2TPB_W1uW2_m5kMQGHosPwCu9cIc,8641
-google/adk/version.py,sha256=1bJw7-dWWcu5lzJG0xHN5h9smUy3_7Hc4dZY0XZLkug,626
+google/adk/version.py,sha256=oy2jnAjqK4WVwWkp2NI0T0DqExGIXma2q1zr_CLnGO8,626
 google/adk/a2a/__init__.py,sha256=Q9FlRO2IfSE9yEaiAYzWkOMBJPCaNYqh4ihcp0t0BQs,574
 google/adk/a2a/converters/__init__.py,sha256=Q9FlRO2IfSE9yEaiAYzWkOMBJPCaNYqh4ihcp0t0BQs,574
-google/adk/a2a/converters/part_converter.py,sha256=2SxRkKRlhOih7mg33uefNVlBhOYOcOMomQhLSuV3_Kc,5056
+google/adk/a2a/converters/event_converter.py,sha256=8n6_j7mkxCZlDMPhEfzG6THCCA0qSqV3PN0s3C-AT60,11183
+google/adk/a2a/converters/part_converter.py,sha256=JAkL6x7zPhKvLNDSSacpdQl2v0YwzVZS804--q1yi3U,5374
+google/adk/a2a/converters/utils.py,sha256=pMhM3k-KZuSprmB-ELH-sdRKLC5SZnRYJke6lCJJdJI,1011
 google/adk/agents/__init__.py,sha256=WsCiBlvI-ISWrcntboo_sULvVJNwLNxXCe42UGPLKdY,1041
 google/adk/agents/active_streaming_tool.py,sha256=vFuh_PkdF5EyyneBBJ7Al8ojeTIR3OtsxLjckr9DbXE,1194
 google/adk/agents/base_agent.py,sha256=fCwAcR12IVVx8qXWGVf773zOmQEKnXDPwmoYYQwUfR4,12168
@@ -25,25 +27,24 @@ google/adk/artifacts/base_artifact_service.py,sha256=H-t5nckLTfr330utj8vxjH45z81
 google/adk/artifacts/gcs_artifact_service.py,sha256=-YU4NhZiGMnHHCg00aJWgKq4JWkQLh7EH5OuGusM5bE,5608
 google/adk/artifacts/in_memory_artifact_service.py,sha256=Iw34Ja89JwGgd3sulbxxk5pVMqzEZJCt4F2m15MC37U,4059
 google/adk/auth/__init__.py,sha256=GoFe0aZGdp0ExNE4rXNn1RuXLaB64j7Z-2C5e2Hsh8c,908
-google/adk/auth/auth_credential.py,sha256=w_icK-fWNyhk_tr-mhX97tzqjuxmWIDnurmTQgRvLEo,7055
+google/adk/auth/auth_credential.py,sha256=F1cMHe_gda5N6RXlyB0IYLLos-Jz-WcNFkIm9SjSiGQ,7012
 google/adk/auth/auth_handler.py,sha256=aUJrY8fzPvSZwi1rtB_N7fHuHt6DE-H8D8HnkDUCyZQ,6828
 google/adk/auth/auth_preprocessor.py,sha256=RleOG5I7L1EWVRdX_bC1WtKnt0FDKAcXSSh1RexJqtE,4309
 google/adk/auth/auth_schemes.py,sha256=dxx9bxjOWoae1fSVxbpaVTwa0I4v76_QJJFEX--1ueA,2260
 google/adk/auth/auth_tool.py,sha256=2N-lR5UrgBhwPaErwRusT1MrNDQGb8fuiMHO5x3cmck,3674
-google/adk/auth/credential_manager.py,sha256=OSJxYMJqTotyK4UueLeDDdmUfGuMuPC_nmwHjifPC_s,9671
+google/adk/auth/credential_manager.py,sha256=G5iqpStGHl4wZxkeqNDNljrEt1L_XNSfNVM9mmOqUhg,9503
 google/adk/auth/oauth2_credential_util.py,sha256=gIb1OUGA4NZRnIeLLk29T_Q9J8ibTxe7-357UhCW3FY,3340
 google/adk/auth/credential_service/__init__.py,sha256=Q9FlRO2IfSE9yEaiAYzWkOMBJPCaNYqh4ihcp0t0BQs,574
 google/adk/auth/credential_service/base_credential_service.py,sha256=4SK1UW9NiLNLrc_grpG3xyIPXySGpl0DIv9bTm-onWE,2325
 google/adk/auth/credential_service/in_memory_credential_service.py,sha256=xXG-3_uq3CU1Eilp8NGBhje0X77ROlAT5BKyJmLLyHg,2161
-google/adk/auth/exchanger/__init__.py,sha256=HCZ8KUqeXORwhjXqHCuezCrXsyVYliuo8YrLXvxS9wY,845
+google/adk/auth/exchanger/__init__.py,sha256=RHCK_Zg7hXzBKvz2Vrwvbx_cMXWittidIZToszaL3Nc,720
 google/adk/auth/exchanger/base_credential_exchanger.py,sha256=Uqzs_NhEDmuH5n0U_ES5fHlMSagyYEc5JKu-5GdOC_A,1644
 google/adk/auth/exchanger/credential_exchanger_registry.py,sha256=Nsk9BMmhFbZsXQwPckm8elXfbk6iIRSrvegR6DpcONo,1855
 google/adk/auth/exchanger/oauth2_credential_exchanger.py,sha256=FA0EYC-zfD1gO9CV9xDYYfPxU2EAJdYwVyWjVy3C6Bw,3649
-google/adk/auth/exchanger/service_account_credential_exchanger.py,sha256=AYVZcvOuOhNKPgwwgSOcxyZegi6xq4IW8vvNs_IMvXE,3804
 google/adk/auth/refresher/__init__.py,sha256=DEEkESlvEteCpO4QcDExm6K8S8y7l_oS-A2TK1Oh1xU,720
 google/adk/auth/refresher/base_credential_refresher.py,sha256=oDWBAuSnt5-00f8LwTrwTptuwkkUXknad8Zbp2mmOA4,2192
 google/adk/auth/refresher/credential_refresher_registry.py,sha256=ioHclgxCtpSeiUcMq9jwzPn0IzzxrQLpWSpHy90folA,1877
-google/adk/auth/refresher/oauth2_credential_refresher.py,sha256=TqpUMOo_Ln1bZSFYaTiHonSlUvb5-3Mn9npnYC2dF6g,5329
+google/adk/auth/refresher/oauth2_credential_refresher.py,sha256=HARpIwwXNxqo4_CNDpRFrN-p7RsnShgu21hgRFVwv4Q,4035
 google/adk/cli/__init__.py,sha256=ouPYnIY02VmGNfpA6IT8oSQdfeZd1LHVoDSt_x8zQPU,609
 google/adk/cli/__main__.py,sha256=gN8rRWlkh_3gLI-oYByxrKpCW9BIfDwrr0YuyisxmHo,646
 google/adk/cli/agent_graph.py,sha256=Kj5_a4UE1QXmqdRv4i4LI4hKHOrLkBS22Q759F3aRug,9879
@@ -116,7 +117,7 @@ google/adk/flows/llm_flows/auto_flow.py,sha256=CnuFelyZhB_ns4U_5_dW0x_KQlzu02My7
 google/adk/flows/llm_flows/base_llm_flow.py,sha256=uGqJ-b_Xygqgae1dndNh9tgTaj3luMKq3Qj4_jDf278,22660
 google/adk/flows/llm_flows/basic.py,sha256=263pfk6PIqKO-7BWo--bsBbpZJ8u5R9OK__WhpBgIbM,2848
 google/adk/flows/llm_flows/contents.py,sha256=bAklBI8YWctd0pGQCRwCVDqDxASiCNV_t8tJChPLbFg,13055
-google/adk/flows/llm_flows/functions.py,sha256=r082klTW5MRHs8H3e5DgkeYwBDk8kEw583UsnqINiZk,17556
+google/adk/flows/llm_flows/functions.py,sha256=NRzs9MfqCI8JjKBJCPk3iO_xXn0PzaBfy7NjQrdVsUU,17512
 google/adk/flows/llm_flows/identity.py,sha256=X4CRg12NvnopmydU9gbFJI4lW1_otN-w_GOAuPvKrXo,1651
 google/adk/flows/llm_flows/instructions.py,sha256=sO2dQ5hn6ybjXs2fWYWvEFVtACdpiiP0yKf9eNVjhhM,2879
 google/adk/flows/llm_flows/single_flow.py,sha256=gC677SxxammKx1XkZBzUdgBjDzeymKRcRQQxFGIur8Y,1904
@@ -151,7 +152,7 @@ google/adk/sessions/database_session_service.py,sha256=zPqH1pY_euvSA9I3f3BTfvBxL
 google/adk/sessions/in_memory_session_service.py,sha256=5mU882L-0zobyWoldAkuBMmGKTQV_XlhL0A2_OySPzU,9080
 google/adk/sessions/session.py,sha256=fwJ3D4rUQ1N5cLMpFrE_BstEz6Ct637FlF52MfkxZCk,1861
 google/adk/sessions/state.py,sha256=con9G5nfJpa95J5LKTAnZ3KMPkXdaTbrdwRdKg6d6B4,2299
-google/adk/sessions/vertex_ai_session_service.py,sha256=BvYXkP4zWdJ9WA65TWpmbzOMzGs5jwMprSm7DLgVmYE,12870
+google/adk/sessions/vertex_ai_session_service.py,sha256=ZzQeCd3lE-7htfNZjWB_pDV2C5fNksHQ7c-RvJjSEnc,13564
 google/adk/tools/__init__.py,sha256=_5JFmTAPBmXlOY8CRaYJlZubvwxoxhi2esXusovv5ME,1752
 google/adk/tools/_automatic_function_calling_util.py,sha256=p5An_BklKDo1w5_DigZGgf0p023lIDKPaZPS_-iJN6k,11100
 google/adk/tools/_forwarding_artifact_service.py,sha256=MHOfc8ntSuHLcA4jp218FP0k0qWAu3-6MSQCNWZ__S4,3022
@@ -192,13 +193,13 @@ google/adk/tools/application_integration_tool/integration_connector_tool.py,sha2
 google/adk/tools/application_integration_tool/clients/connections_client.py,sha256=zspLmrx2DvOg2r5B2DWxeK3fKdQovIu8t3z5Xip7AGo,31428
 google/adk/tools/application_integration_tool/clients/integration_client.py,sha256=hLM8n97hsmvgYBtmF_KMYwr_mnlhfPvsDXzE2cI5SqE,10654
 google/adk/tools/bigquery/__init__.py,sha256=tkXX7IoTzXgZjv82fjqa0_TTufxijiIr6nPsaqH1o5Y,1446
-google/adk/tools/bigquery/bigquery_credentials.py,sha256=cfySW5x25M3hDlUdLN0j71PfCrQOZFfB35pOsQYxxRM,7844
-google/adk/tools/bigquery/bigquery_tool.py,sha256=uZEj_CGNsFrt23RbCF-9Hroru6mghxgzc_FvAgT11o8,4210
+google/adk/tools/bigquery/bigquery_credentials.py,sha256=cs610IowXAhpwovRpMjspPQ6Bb9TB23IBqdUorHNQzI,8690
+google/adk/tools/bigquery/bigquery_tool.py,sha256=Hvw5ijtX9FGJfUxvBCTL51JxAS4-G5wFtewMUcSACxk,4208
 google/adk/tools/bigquery/bigquery_toolset.py,sha256=4eIj_bbUeC4bhhNN9RA8i5661Xi3qM9pqfYoN4XBQME,2831
-google/adk/tools/bigquery/client.py,sha256=5kL2zVGj3bgo8X-G1ha7zdK6UrWc0sY_qq96cODELD8,1168
+google/adk/tools/bigquery/client.py,sha256=CUFsxf6Ma5dTfofk1L888EnUfo2zlI6-_NFs-v3Hcr0,1166
 google/adk/tools/bigquery/config.py,sha256=GNiPUX4sVKg7UfoJ-xo8RCReYym4qF3blMUzY9O5CRE,1390
-google/adk/tools/bigquery/metadata_tool.py,sha256=1WOcI60oSTpwsuzB1s-__hNKZE0x0csuMdV7w6V0jYI,8265
-google/adk/tools/bigquery/query_tool.py,sha256=oTAb1_bFbzkG46dEYsnQfgyQxwaHotR1OSjvIqC62XM,6158
+google/adk/tools/bigquery/metadata_tool.py,sha256=BZ5VPXERZgVJDp1VqT6vSmFkDYPbo0bXBZsE5RgL3XY,8263
+google/adk/tools/bigquery/query_tool.py,sha256=-dsqZbuQxwYb6uCHJ5_-6Yt94QlvQ4ktDov6JKdsnvc,6156
 google/adk/tools/google_api_tool/__init__.py,sha256=a_Bco5SyTQ89yb1t6Bs6NQrTsJgV22mn1quRNygVZXw,1385
 google/adk/tools/google_api_tool/google_api_tool.py,sha256=vDA7YnDZCl8-ucBvIzXS-uJWX1m2KY_csTz5M3nw_Ys,2029
 google/adk/tools/google_api_tool/google_api_toolset.py,sha256=M27lSCXOka4yHGGH50UVJvoEvZbWT-QBVaR1tW018tY,3773
@@ -207,7 +208,7 @@ google/adk/tools/google_api_tool/googleapi_to_openapi_converter.py,sha256=mo1ew3
 google/adk/tools/mcp_tool/__init__.py,sha256=UIXmz81_7s-kpZNSTOhpWXtQeMxXpjTwMRoDPDbCTkQ,1515
 google/adk/tools/mcp_tool/conversion_utils.py,sha256=PfPSBAPzAgBsEWk2goKOFHz4fM-9ralW-nMkCbs0b38,5339
 google/adk/tools/mcp_tool/mcp_session_manager.py,sha256=9QRcprgzfpUHBTePXE2rrUb3LKRQeGo38-Gb6LPbH2w,12946
-google/adk/tools/mcp_tool/mcp_tool.py,sha256=rqPTmd4xf5-oQjjLtdqwtAmjaYemZ6RlSdh3Y5iOR2A,6427
+google/adk/tools/mcp_tool/mcp_tool.py,sha256=9tHuqpjBKqcMeI8WvVXfWuWvxov8kzuG85REboblpL8,6081
 google/adk/tools/mcp_tool/mcp_toolset.py,sha256=dp3IhfdrK07CvZ5LERVtUBzlbbUOhnrmI0ND8Fn2eGk,6323
 google/adk/tools/openapi_tool/__init__.py,sha256=UMsewNCQjd-r1GBX1OMuUJTzJ0AlQuegIc98g04-0oU,724
 google/adk/tools/openapi_tool/auth/__init__.py,sha256=NVRXscqN4V0CSCvIp8J_ee8Xyw4m-OGoZn7SmrtOsQk,637
@@ -224,7 +225,7 @@ google/adk/tools/openapi_tool/openapi_spec_parser/openapi_spec_parser.py,sha256=
 google/adk/tools/openapi_tool/openapi_spec_parser/openapi_toolset.py,sha256=zxQtizsdW8FIqhpSzGfhkQLbBXIDZOK_0h8TrXayYZ4,5532
 google/adk/tools/openapi_tool/openapi_spec_parser/operation_parser.py,sha256=PhgkKRtSQi-gZa2RBeEzCX0A0Aekk2kLIo_cuf9aAQ0,9078
 google/adk/tools/openapi_tool/openapi_spec_parser/rest_api_tool.py,sha256=TMLDr-ODSEiok0l1ObPmuwcTOvOAjuxoMNBw_QwG5Pg,14650
-google/adk/tools/openapi_tool/openapi_spec_parser/tool_auth_handler.py,sha256=ALVwmWZzvc9kvqp3lBovZ_N4_LY0F1CrPUItNn-PXFI,10059
+google/adk/tools/openapi_tool/openapi_spec_parser/tool_auth_handler.py,sha256=9bqnlvmcr6i8Dab73ntzbynkFFWCYMhk7R-DS-jkOz4,10013
 google/adk/tools/retrieval/__init__.py,sha256=0euJjx0ReH8JmUI5-JU8kWRswqLxobRCDjx5zvX4rHY,1188
 google/adk/tools/retrieval/base_retrieval_tool.py,sha256=4aar8Kg-6rQG7Ht1n18D5fvJnuffodFdSjeCp-GzA7w,1174
 google/adk/tools/retrieval/files_retrieval.py,sha256=UvxXjs3t8O2VO7o4wagHah2ydHT6sl0bLMsKxDVTOHU,1271
@@ -234,8 +235,8 @@ google/adk/utils/__init__.py,sha256=Q9FlRO2IfSE9yEaiAYzWkOMBJPCaNYqh4ihcp0t0BQs,
 google/adk/utils/feature_decorator.py,sha256=DzGHMTStf4-S9BNiA4EqcCJbrdKijhgeSUSPdzM44H8,5048
 google/adk/utils/instructions_utils.py,sha256=al9Z-P8qOrbxNju8cqkeH7qRg0oQH7hfmvTG-0oSAQk,3996
 google/adk/utils/variant_utils.py,sha256=u9IuOn2aXG3ibDYshgLoogBXqH9Gd84ixArQoeLQiE8,1463
-google_adk-1.4.0.dist-info/entry_points.txt,sha256=zL9CU-6V2yQ2oc5lrcyj55ROHrpiIePsvQJ4H6SL-zI,43
-google_adk-1.4.0.dist-info/licenses/LICENSE,sha256=WNHhf_5RCaeuKWyq_K39vmp9F28LxKsB4SpomwSZ2L0,11357
-google_adk-1.4.0.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
-google_adk-1.4.0.dist-info/METADATA,sha256=ZJf1XYtlb1017k3bc5mNCXcOQuIwkevN2Lvx1avtj20,9981
-google_adk-1.4.0.dist-info/RECORD,,
+google_adk-1.4.2.dist-info/entry_points.txt,sha256=zL9CU-6V2yQ2oc5lrcyj55ROHrpiIePsvQJ4H6SL-zI,43
+google_adk-1.4.2.dist-info/licenses/LICENSE,sha256=WNHhf_5RCaeuKWyq_K39vmp9F28LxKsB4SpomwSZ2L0,11357
+google_adk-1.4.2.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
+google_adk-1.4.2.dist-info/METADATA,sha256=GFu7dUG7xYrhvSed3cY-WARhxOCrTlFmUMyzygCL2Ko,9981
+google_adk-1.4.2.dist-info/RECORD,,

google/adk/auth/exchanger/service_account_credential_exchanger.py

@@ -1,104 +0,0 @@
-# Copyright 2025 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Credential fetcher for Google Service Account."""
-
-from __future__ import annotations
-
-from typing import Optional
-
-import google.auth
-from google.auth.transport.requests import Request
-from google.oauth2 import service_account
-from typing_extensions import override
-
-from ...utils.feature_decorator import experimental
-from ..auth_credential import AuthCredential
-from ..auth_credential import AuthCredentialTypes
-from ..auth_schemes import AuthScheme
-from .base_credential_exchanger import BaseCredentialExchanger
-
-
-@experimental
-class ServiceAccountCredentialExchanger(BaseCredentialExchanger):
-  """Exchanges Google Service Account credentials for an access token.
-
-  Uses the default service credential if `use_default_credential = True`.
-  Otherwise, uses the service account credential provided in the auth
-  credential.
-  """
-
-  @override
-  async def exchange(
-      self,
-      auth_credential: AuthCredential,
-      auth_scheme: Optional[AuthScheme] = None,
-  ) -> AuthCredential:
-    """Exchanges the service account auth credential for an access token.
-
-    If the AuthCredential contains a service account credential, it will be used
-    to exchange for an access token. Otherwise, if use_default_credential is True,
-    the default application credential will be used for exchanging an access token.
-
-    Args:
-        auth_scheme: The authentication scheme.
-        auth_credential: The credential to exchange.
-
-    Returns:
-        An AuthCredential in OAUTH2 format, containing the exchanged credential JSON.
-
-    Raises:
-        ValueError: If service account credentials are missing or invalid.
-        Exception: If credential exchange or refresh fails.
-    """
-    if auth_credential is None:
-      raise ValueError("Credential cannot be None.")
-
-    if auth_credential.auth_type != AuthCredentialTypes.SERVICE_ACCOUNT:
-      raise ValueError("Credential is not a service account credential.")
-
-    if auth_credential.service_account is None:
-      raise ValueError(
-          "Service account credentials are missing. Please provide them."
-      )
-
-    if (
-        auth_credential.service_account.service_account_credential is None
-        and not auth_credential.service_account.use_default_credential
-    ):
-      raise ValueError(
-          "Service account credentials are invalid. Please set the"
-          " service_account_credential field or set `use_default_credential ="
-          " True` to use application default credential in a hosted service"
-          " like Google Cloud Run."
-      )
-
-    try:
-      if auth_credential.service_account.use_default_credential:
-        credentials, _ = google.auth.default()
-      else:
-        config = auth_credential.service_account
-        credentials = service_account.Credentials.from_service_account_info(
-            config.service_account_credential.model_dump(), scopes=config.scopes
-        )
-
-      # Refresh credentials to ensure we have a valid access token
-      credentials.refresh(Request())
-
-      return AuthCredential(
-          auth_type=AuthCredentialTypes.OAUTH2,
-          google_oauth2_json=credentials.to_json(),
-      )
-    except Exception as e:
-      raise ValueError(f"Failed to exchange service account token: {e}") from e