feat: Add an AuthInterceptor that can obtain credentials from a CredentialService

Author: fjuma

client/transport/spi/src/main/java/io/a2a/client/transport/spi/interceptors/auth/AuthInterceptor.java

@@ -0,0 +1,23 @@
+package io.a2a.client.transport.spi.interceptors.auth;
+
+import java.util.Map;
+
+import io.a2a.client.transport.spi.interceptors.ClientCallContext;
+import io.a2a.client.transport.spi.interceptors.ClientCallInterceptor;
+import io.a2a.client.transport.spi.interceptors.PayloadAndHeaders;
+import io.a2a.spec.AgentCard;
+
+public class AuthInterceptor extends ClientCallInterceptor {
+
+    private CredentialService credentialService;
+
+    public AuthInterceptor(CredentialService credentialService) {
+        this.credentialService = credentialService;
+    }
+
+    @Override
+    public PayloadAndHeaders intercept(String methodName, Object payload, Map<String, String> headers,
+                                       AgentCard agentCard, ClientCallContext clientCallContext) {
+        return null;
+    }
+}

client/transport/spi/src/main/java/io/a2a/client/transport/spi/interceptors/auth/CredentialService.java

@@ -0,0 +1,22 @@
+package io.a2a.client.transport.spi.interceptors.auth;
+
+import java.util.concurrent.CompletableFuture;
+
+import io.a2a.client.transport.spi.interceptors.ClientCallContext;
+
+/**
+ * Used to retrieve credentials.
+ */
+public interface CredentialService {
+
+    /**
+     * Retrieves a credential (e.g., token) for a security scheme.
+     *
+     * @param securitySchemeName the name of the security scheme
+     * @param clientCallContext the client call context, which may be {@code null}.
+     * @return a {@code CompletableFuture} that will complete with the credential string,
+     * or {@code null} if the credential could not be retrieved
+     */
+    CompletableFuture<String> getCredentials(String securitySchemeName,
+                                             ClientCallContext clientCallContext);
+}

client/transport/spi/src/main/java/io/a2a/client/transport/spi/interceptors/auth/InMemoryContextCredentialService.java

@@ -0,0 +1,50 @@
+package io.a2a.client.transport.spi.interceptors.auth;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.CompletableFuture;
+
+import io.a2a.client.transport.spi.interceptors.ClientCallContext;
+
+/**
+ * A simple in-memory store for session-keyed credentials.
+ * This class uses the 'sessionId' from the {@code ClientCallContext} state to
+ * store and retrieve credentials
+ */
+public class InMemoryContextCredentialService implements CredentialService {
+
+    private static final String SESSION_ID = "sessionId";
+
+    // maps a sessionId to a map of security scheme names to credentials
+    private final Map<String, Map<String, String>> credentialStore;
+
+    public InMemoryContextCredentialService() {
+        credentialStore = new HashMap<>();
+    }
+
+    @Override
+    public CompletableFuture<String> getCredentials(String securitySchemeName,
+                                                    ClientCallContext clientCallContext) {
+        if (clientCallContext == null || !clientCallContext.getState().containsKey(SESSION_ID)) {
+            // no credential to retrieve
+            return CompletableFuture.completedFuture(null);
+        }
+
+        String sessionId = (String) clientCallContext.getState().get(SESSION_ID);
+        Map<String, String> sessionCredentials = credentialStore.getOrDefault(sessionId, new HashMap<>());
+        String credential = sessionCredentials.get(securitySchemeName);
+        return CompletableFuture.completedFuture(credential);
+    }
+
+    /**
+     * Method to populate the in-memory credential service.
+     *
+     * @param sessionId the session ID
+     * @param securitySchemeName the name of the security scheme
+     * @param credential the credential string
+     */
+    public void setCredential(String sessionId, String securitySchemeName, String credential) {
+        Map<String, String> sessionIdCredentials = credentialStore.getOrDefault(sessionId, new HashMap<>());
+        sessionIdCredentials.put(securitySchemeName, credential);
+    }
+}