Skip to main content

Google ADK integration for the Grantex delegated authorization protocol — scope-enforced agent tools

Project description

grantex-adk

Google Agent Development Kit (ADK) integration for the Grantex delegated authorization protocol — scope-enforced agent tools.

Wrap any function with Grantex grant token verification so your agents can only use tools they've been authorized for.

PyPI Python License

Homepage | Docs | Sign Up Free | GitHub

Install

pip install grantex-adk

You also need the Google ADK installed (it's a peer dependency):

pip install google-adk

Quick start

from grantex_adk import create_grantex_tool
from google.adk import Agent

# Create a scope-enforced tool from any function
read_calendar = create_grantex_tool(
    name="read_calendar",
    description="Read upcoming calendar events",
    grant_token=grant_token,       # JWT from Grantex authorization flow
    required_scope="calendar:read",
    func=get_calendar_events,      # your function
)

# Google ADK uses plain functions as tools — just pass them directly
agent = Agent(
    model="gemini-2.0-flash",
    name="assistant",
    tools=[read_calendar],
)

If the verified grant token doesn't include the required scope, create_grantex_tool raises a PermissionError immediately and the tool is never created.

API reference

create_grantex_tool()

Creates a plain function with the correct __name__ and __doc__ for ADK tool discovery, with JWKS-backed grant token verification.

Parameter Type Description
name str Tool name (becomes __name__)
description str Tool description (becomes __doc__)
grant_token str JWT grant token from Grantex
required_scope str Scope that must be present in the token
func Callable[..., str] The function to wrap
jwks_uri str JWKS URL used to verify the grant token
issuer, issuer_did, audience `str None`
clock_tolerance int Clock tolerance in seconds for token verification

get_tool_scopes()

Returns the scopes embedded in a grant token (offline, no network call).

decode_jwt_payload()

Decodes the payload of a JWT without verifying the signature. Useful for inspecting token claims.

Requirements

  • Python 3.9+
  • grantex >= 0.3.12
  • google-adk >= 0.2.0 (peer dependency)

Grantex Ecosystem

This package is part of the Grantex ecosystem. See also:

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

grantex_adk-0.1.6.tar.gz (5.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

grantex_adk-0.1.6-py3-none-any.whl (4.6 kB view details)

Uploaded Python 3

File details

Details for the file grantex_adk-0.1.6.tar.gz.

File metadata

  • Download URL: grantex_adk-0.1.6.tar.gz
  • Upload date:
  • Size: 5.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for grantex_adk-0.1.6.tar.gz
Algorithm Hash digest
SHA256 14b4a3aaf7b851b2ee61dd2b8797928d1c33ec37911d214e4cf138c2f7e5607a
MD5 51ec33636243269643d1755c41b03853
BLAKE2b-256 568da72bceeb35a49ee513fd993fbd140c395b047e76ebbacf28b058052e3dee

See more details on using hashes here.

File details

Details for the file grantex_adk-0.1.6-py3-none-any.whl.

File metadata

  • Download URL: grantex_adk-0.1.6-py3-none-any.whl
  • Upload date:
  • Size: 4.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for grantex_adk-0.1.6-py3-none-any.whl
Algorithm Hash digest
SHA256 6e2600058a535e9794d594a28197bd2b77b3594526519840f2104c70bdf9a187
MD5 6814ffe5dd11c1310c8ec581400386e5
BLAKE2b-256 e2f15798383538eed247aa59290434cabd987618f392a8de15dba93a8ad60815

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page