chore: autoformat

google · guillaumeblaquiere · Dec 5, 2025 · Dec 5, 2025 · Dec 5, 2025 · Dec 6, 2025
commit b6cb922e5a8b457d94c60d93c959da2a808dcf94
diff --git a/contributing/samples/gepa/experiment.py b/contributing/samples/gepa/experiment.py
@@ -43,7 +43,6 @@
 from tau_bench.types import EnvRunResult
 from tau_bench.types import RunConfig
 import tau_bench_agent as tau_bench_agent_lib
-
 import utils
 
 

diff --git a/contributing/samples/gepa/run_experiment.py b/contributing/samples/gepa/run_experiment.py
@@ -25,7 +25,6 @@
 from absl import flags
 import experiment
 from google.genai import types
-
 import utils
 
 _OUTPUT_DIR = flags.DEFINE_string(

diff --git a/src/google/adk/auth/auth_handler.py b/src/google/adk/auth/auth_handler.py
@@ -43,30 +43,29 @@ async def exchange_auth_token(
       self,
   ) -> AuthCredential:
     exchanger = OAuth2CredentialExchanger()
-    
+
     # Restore secret if needed
     credential = self.auth_config.exchanged_auth_credential
     redacted = False
     original_secret = None
-    
+
     if credential and credential.oauth2 and credential.oauth2.client_id:
-        # Check if secret needs restoration
-        from .credential_manager import CredentialManager
-        secret = CredentialManager.get_client_secret(credential.oauth2.client_id)
-        if secret and credential.oauth2.client_secret == "<redacted>":
-            original_secret = credential.oauth2.client_secret
-            credential.oauth2.client_secret = secret
-            redacted = True
+      # Check if secret needs restoration
+      from .credential_manager import CredentialManager
+
+      secret = CredentialManager.get_client_secret(credential.oauth2.client_id)
+      if secret and credential.oauth2.client_secret == "<redacted>":
+        original_secret = credential.oauth2.client_secret
+        credential.oauth2.client_secret = secret
+        redacted = True
 
     try:
-        res = await exchanger.exchange(
-            credential, self.auth_config.auth_scheme
-        )
-        return res
+      res = await exchanger.exchange(credential, self.auth_config.auth_scheme)
+      return res
     finally:
-        # Always re-redact if we restored it
-        if redacted and credential and credential.oauth2:
-            credential.oauth2.client_secret = "<redacted>"
+      # Always re-redact if we restored it
+      if redacted and credential and credential.oauth2:
+        credential.oauth2.client_secret = "<redacted>"
 
   async def parse_and_store_auth_response(self, state: State) -> None:
 
@@ -200,13 +199,14 @@ def generate_auth_uri(
 
     client_id = auth_credential.oauth2.client_id
     client_secret = auth_credential.oauth2.client_secret
-    
+
     # Check if secret is redacted and restore it from manager
     if client_secret == "<redacted>" and client_id:
-        from .credential_manager import CredentialManager
-        secret = CredentialManager.get_client_secret(client_id)
-        if secret:
-            client_secret = secret
+      from .credential_manager import CredentialManager
+
+      secret = CredentialManager.get_client_secret(client_id)
+      if secret:
+        client_secret = secret
 
     client = OAuth2Session(
         client_id,

diff --git a/src/google/adk/auth/auth_tool.py b/src/google/adk/auth/auth_tool.py
@@ -81,11 +81,11 @@ def get_credential_key(self):
     if auth_credential and auth_credential.model_extra:
       auth_credential = auth_credential.model_copy(deep=True)
       auth_credential.model_extra.clear()
-    
+
     # Normalize secret to ensure stable key regardless of redaction
     if auth_credential and auth_credential.oauth2:
-        auth_credential = auth_credential.model_copy(deep=True)
-        auth_credential.oauth2.client_secret = None
+      auth_credential = auth_credential.model_copy(deep=True)
+      auth_credential.oauth2.client_secret = None
 
     credential_name = (
         f"{auth_credential.auth_type.value}_{hash(auth_credential.model_dump_json())}"

diff --git a/src/google/adk/auth/credential_manager.py b/src/google/adk/auth/credential_manager.py
@@ -138,16 +138,21 @@ def _secure_client_secret(self, credential: Optional[AuthCredential]):
         and credential.oauth2.client_secret
         and credential.oauth2.client_secret != "<redacted>"
     ):
-      logger.info(f"Securing client secret for client_id: {credential.oauth2.client_id}")
+      logger.info(
+          f"Securing client secret for client_id: {credential.oauth2.client_id}"
+      )
       # Store in memory map
       self._CLIENT_SECRETS[credential.oauth2.client_id] = (
           credential.oauth2.client_secret
       )
       # Redact from config
       credential.oauth2.client_secret = "<redacted>"
     else:
-        if credential and credential.oauth2:
-             logger.debug(f"Not securing secret for client_id {credential.oauth2.client_id}: secret is {credential.oauth2.client_secret}")
+      if credential and credential.oauth2:
+        logger.debug(
+            f"Not securing secret for client_id {credential.oauth2.client_id}:"
+            f" secret is {credential.oauth2.client_secret}"
+        )
 
   @staticmethod
   def get_client_secret(client_id: str) -> Optional[str]:

diff --git a/src/google/adk/auth/oauth2_credential_util.py b/src/google/adk/auth/oauth2_credential_util.py
@@ -108,7 +108,9 @@ def update_credential_with_tokens(
       tokens: The OAuth2Token object containing new token information.
   """
   auth_credential.oauth2.access_token = tokens.get("access_token")
-  sys.stderr.write(f"[DEBUG] Assigned access_token: {auth_credential.oauth2.access_token}\n")
+  sys.stderr.write(
+      f"[DEBUG] Assigned access_token: {auth_credential.oauth2.access_token}\n"
+  )
   auth_credential.oauth2.refresh_token = tokens.get("refresh_token")
   auth_credential.oauth2.expires_at = (
       int(tokens.get("expires_at")) if tokens.get("expires_at") else None

diff --git a/tests/unittests/auth/test_credential_manager.py b/tests/unittests/auth/test_credential_manager.py
@@ -36,17 +36,17 @@
 import pytest
 
 
-
 def create_auth_config_mock():
   """Creates a mock AuthConfig that returns itself on model_copy."""
-  # We remove spec=AuthConfig because accessing Pydantic fields on a spec-ed mock 
+  # We remove spec=AuthConfig because accessing Pydantic fields on a spec-ed mock
   # can fail if they are not seen as class attributes or if we need dynamic attributes.
-  m = Mock() 
-  m.spec = AuthConfig # Optional: if we want isinstance to work, but Mock(spec=X) enforces attributes.
+  m = Mock()
+  m.spec = AuthConfig  # Optional: if we want isinstance to work, but Mock(spec=X) enforces attributes.
   # Let's just use a plain Mock and configure what we need.
   m.model_copy.side_effect = lambda **kwargs: m
   return m
 
+
 class TestCredentialManager:
   """Test suite for CredentialManager."""