adk_request_credential FunctionCall args contain non-JSON-serializable SecuritySchemeType enum

[doughayden]

🔴 Required Information

Describe the Bug:

build_auth_request_event in src/google/adk/flows/llm_flows/functions.py builds the adk_request_credential (EUC) FunctionCall.args with AuthToolArguments(...).model_dump(exclude_none=True, by_alias=True). The default mode="python" leaves the auth scheme's type field as a live SecuritySchemeType enum member inside the args dict, rather than its string value. The resulting Event.content is therefore not JSON-serializable: any consumer that calls json.dumps on the in-memory event content raises TypeError: Object of type SecuritySchemeType is not JSON serializable.

This is latent for most flows because the session DB launders enums to strings on write (pydantic JSON serialization), and ADK's own auth preprocessor re-validates the args from either form. It surfaces for any consumer that serializes the in-memory event before it round-trips through the DB. A concrete trigger is memory ingestion: VertexAiMemoryBankService hands the in-memory event.content to the Vertex SDK, which json.dumps's it.

Steps to Reproduce:

Run the snippet below against google-adk 2.2.0. It performs the same model_dump call as build_auth_request_event and then the same json.dumps the Vertex SDK performs during memory ingestion.

import json
from google.adk.auth.auth_tool import AuthConfig, AuthToolArguments
from google.adk.auth.auth_credential import AuthCredential, AuthCredentialTypes, OAuth2Auth
from google.adk.auth.auth_schemes import OAuth2
from fastapi.openapi.models import OAuthFlows, OAuthFlowAuthorizationCode

scheme = OAuth2(flows=OAuthFlows(authorizationCode=OAuthFlowAuthorizationCode(
    authorizationUrl="https://example/authorize", tokenUrl="https://example/token", scopes={})))
cfg = AuthConfig(auth_scheme=scheme,
                 raw_auth_credential=AuthCredential(auth_type=AuthCredentialTypes.OAUTH2,
                                                    oauth2=OAuth2Auth(client_id="x", client_secret="y")))

# The exact dump build_auth_request_event performs (functions.py, default mode="python")
args = AuthToolArguments(function_call_id="abc", auth_config=cfg).model_dump(
    exclude_none=True, by_alias=True)
print(repr(args["authConfig"]["authScheme"]["type"]))  # <SecuritySchemeType.oauth2: 'oauth2'> — live enum
json.dumps(args)  # TypeError: Object of type SecuritySchemeType is not JSON serializable

# The fix: mode="json" coerces the enum to its string value, same dump otherwise
fixed = AuthToolArguments(function_call_id="abc", auth_config=cfg).model_dump(
    mode="json", exclude_none=True, by_alias=True)
print(repr(fixed["authConfig"]["authScheme"]["type"]))  # 'oauth2'
json.dumps(fixed)  # passes

Expected Behavior:

The adk_request_credential FunctionCall.args are JSON-serializable, consistent with how the same content is stored and re-read from the session DB. model_dump(mode="json", exclude_none=True, by_alias=True) coerces the enum to its "oauth2" string while preserving aliases; ADK's parse-back is unaffected because pydantic validation accepts the string form (exactly what it already does for DB-read events).

Observed Behavior:

json.dumps on the in-memory event content raises:

TypeError: Object of type SecuritySchemeType is not JSON serializable

In a real flow (memory ingest on the EUC turn) this surfaces as a background task failure:

ERROR vertex_ai_memory_bank_service.py | Background ingest_events task failed: Object of type SecuritySchemeType is not JSON serializable

Environment Details:

• ADK Library Version (pip show google-adk): 2.2.0 (latest release; identical on main, the dump is at functions.py:305, SHA 9670ce2)
• Desktop OS: macOS
• Python Version (python -V): 3.13

Model Information:

• Are you using LiteLLM: No
• Which model is being used: N/A, the bug is in event construction and model-independent

---

🟡 Optional Information

Regression:

Not a recent regression. The python-mode dump has been in place across releases (present in the 1.x line and unchanged on the current 2.x main); it only becomes observable when a consumer serializes the in-memory EUC event before DB round-trip.

Logs:

TypeError: Object of type SecuritySchemeType is not JSON serializable

Additional Context:

Sibling call sites in the same file use the same python-mode model_dump and may carry the same hazard if their models contain enums (like the tool-confirmation args around functions.py:368/:371, and event.actions.model_dump(...) near line 1241). Worth a glance during the fix, but the auth-request path is the confirmed, reproducible one. Discovered downstream while validating an OAuth resume flow; the in-memory event reached json.dumps via memory ingestion before any DB round-trip.

Minimal Reproduction Code:

Inline in Steps to Reproduce above; self-contained against a clean pip install google-adk==2.2.0.

How often has this issue occurred?:

• Always (100%), deterministic for any consumer that json.dumps's the in-memory EUC event content.

[adk-bot]

GitHub Issue #6006 Analysis: adk_request_credential FunctionCall args contain non-JSON-serializable SecuritySchemeType enum

Executive Summary

1. What is broken? Pydantic's default .model_dump() serialization uses mode="python", retaining nested SecuritySchemeType enums as live Python Enum objects in the dumped args dictionary, rather than serializing them to primitive strings. When downstream consumers (such as the Vertex AI SDK during memory ingestion) attempt to serialize these in-memory events via standard JSON methods (like json.dumps()), it raises a TypeError: Object of type SecuritySchemeType is not JSON serializable exception.
2. Is there a linked PR that fixes this issue? None
3. Recommendation: Should Fix (High Priority). This bug fails background tasks deterministicly (e.g. in VertexAiMemoryBankService) whenever an EUC turn auth-request occurs, blocking critical functionality. The fix is low risk and simply requires updating .model_dump() to use mode="json".

Detailed Analysis

1. Root Cause Analysis ("What is broken?")

When an End User Credential (EUC) request is built to execute tools or toolset-level authentication, build_auth_request_event(...) is invoked to construct an authorization request with an adk_request_credential FunctionCall. Inside this function, the AuthToolArguments pydantic model is serialized to a dictionary via:

AuthToolArguments(
    function_call_id=function_call_id,
    auth_config=auth_config,
).model_dump(exclude_none=True, by_alias=True)

Because no Python-to-JSON serialization mode is specified, Pydantic defaults to mode="python". This preserves the nested SecuritySchemeType enum fields (the auth scheme's type field, such as SecuritySchemeType.oauth2) as live Python Enum members nested inside the returned dictionary.

While the issue is usually hidden during round-tripping through standard databases (which deserialize JSON to string values, automatically "cleansing" the enum objects), it immediately surfaces when any consumer or SDK performs standard JSON serialization (such. as json.dumps) directly on the in-memory event content beforehand.

A critical downstream failure occurs inside the VertexAiMemoryBankService background task ingest_events where the intact in-memory event.content containing the live SecuritySchemeType object is passed to the Vertex SDK, raising:
TypeError: Object of type SecuritySchemeType is not JSON serializable

Code References

The failure resides in the following two core locations where AuthToolArguments are dumped without mode="json":

• functions.py — Used in LLM Flows for building tool authentication request events.
• _workflow_hitl_utils.py — Used in Workflows for constructing HITL authorization credential request events.

Additionally, other sibling call sites of .model_dump are vulnerable to the same issue if they ever process nested Enum members:

• functions.py — Used when dumping originalFunctionCall and toolConfirmation to construct tool confirmation requests.

---

2. Existing Pull Requests ("Is there a linked PR that fixes this issue?")

• Linked PR: None
• PR URL: N/A
• Analysis: A search of PRs using gh pr list --repo google/adk-python --search "6006" returned no matches. However, the root cause logic has been verified locally on the current main branch.

---

3. Recommendation

• Recommendation: Should Fix (High Priority)
• Rationale:
  • User Impact: Greatly disrupts human-in-the-loop (HITL) and EUC authentication scenarios by causing background engine tasks to crash deterministically with uncaught type errors.
  • Implementation Complexity: Low. The fix is extremely safe. Changing the dump logic to use Pydantic V2's mode="json" natively coerces nested enums into their target JSON strings while remaining fully backward-compatible with ADK's internal parsers (which safely validate enum strings back to enum members).
  • Proposed Fix Code Outline:

    # In src/google/adk/flows/llm_flows/functions.py (Line 305):
    ).model_dump(mode="json", exclude_none=True, by_alias=True)
    
    # In src/google/adk/workflow/utils/_workflow_hitl_utils.py (Line 175):
    ).model_dump(mode="json", exclude_none=True, by_alias=True)
    
    # In src/google/adk/flows/llm_flows/functions.py (Lines 368 & 371):
    'originalFunctionCall': original_function_call.model_dump(
        mode="json", exclude_none=True, by_alias=True
    ),
    'toolConfirmation': tool_confirmation.model_dump(
        mode="json", by_alias=True, exclude_none=True
    ),

Next Steps & Summary of Work

I analyzed GitHub Issue #6006, mapped down all root extraction failure points including functions.py and external workflow counterparts, verified that no linked PRs currently exist, and provided a comprehensive architectural fix.

Please let me know if you would like me to proceed with implementing the fixes and verifying the tests!