fix(auth): Prevent duplicate OAuth prompts and fix tool resumption ma…

[tonycoco]

Please ensure you have read the contribution guide before creating a pull request.

Link to Issue or Description of Change

1. Link to an existing issue (if applicable):

• Closes: # (Include issue number if applicable)

2. Or, if no issue exists, describe the change:

Problem:
During workflow execution, if multiple tools or functions require authentication under the same OAuth credential config, the system prompts the user multiple times (duplicate auth events). Additionally, when resuming execution after the user provides authorization, the preprocessor failed to map which tools should be resumed due to strict function call ID checks, and raised AttributeError on mocked events lacking actions properties during test runs.

Solution:

1. Deduplication: Filtered the requested auth configurations in build_auth_request_event (located in functions.py) to merge requests sharing the same credential_key.
2. Defensive Mocking Resilience: Replaced direct field accesses on event.actions and requested_auth_config properties in auth_preprocessor.py with defensive getattr(..., None) checks, preventing test environment crashes.
3. Exchanged Key Consistency: Prepend user: namespace prefix to credential keys in openapi's tool_auth_handler.py to match the storage conventions.

Testing Plan

All changes are fully verified using both pre-existing and newly added unit tests.

Unit Tests:

• I have added or updated unit tests for my change.
• All unit tests pass locally.

Summary of passed pytest results:

============================= test session starts ==============================
platform darwin -- Python 3.12.13, pytest-9.0.2, pluggy-1.6.0
rootdir: /Users/USER/Development/adk-python
configfile: pyproject.toml
collected 16 items

tests/unittests/auth/test_toolset_auth.py ................               [100%]
======================= 16 passed, 20 warnings in 0.70s ========================

Passed all 183 tests under tests/unittests/auth/ including tests for OAuth request preprocessing, mock resilience, and the newly added test_duplicate_auth_requests_are_deduplicated.

Manual End-to-End (E2E) Tests:
To verify deduplication:

1. Define a workflow with two tools configured with identical OAuth credentials.
2. Trigger the workflow; the runner will prompt the client with a single deduplicated adk_request_credential tool call.
3. Provide the auth credentials; the runner successfully resumes execution for both tools.

Checklist

• I have read the CONTRIBUTING.md document.
• I have performed a self-review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have added tests that prove my fix is effective or that my feature works.
• New and existing unit tests pass locally with my changes.
• I have manually tested my changes end-to-end.
• Any dependent changes have been merged and published in downstream modules.

Additional context

Formatting and linting checks were fully passed via pre-commit run --files (utilizing pyink and isort).

[adk-bot]

Response from ADK Triaging Agent

Hello @tonycoco, thank you for submitting this PR to address the duplicate OAuth prompts and tool resumption mapping!

To help reviewers understand and verify your changes more quickly, could you please update your PR description with the following details from our contribution guidelines:

• Logs or Screenshots: Please provide logs or screenshots showcasing the behavior after applying your fix (e.g., showing the deduplicated OAuth flow).
• Testing Plan: Please include a dedicated testing plan section outlining how you tested these changes (beyond the unit tests, or describing the unit tests and any manual verification you performed).

This context is highly appreciated and helps us review your contribution more efficiently. Thank you!

[rohityan]

/adk-pr-analyze