docs(a2a): correct A2A auth header — Authorization: Bearer only, drop x-adcp-auth on A2A surface#4224
Draft
docs(a2a): correct A2A auth header — Authorization: Bearer only, drop x-adcp-auth on A2A surface#4224
Conversation
…-auth on A2A surface Fixes issue #4223. adcp 4.5.0's per-leg BearerTokenAuth config makes A2A RFC 6750-only; x-adcp-auth is now a MCP-only back-compat alias. Correct three documentation errors that cause HTTP 401 for developers on 4.5.0: - authentication.mdx: split the false "both legs same header" claim into a per-leg alias policy table; add a Warning for sellers migrating the a2a_header_name knob. - a2a-guide.mdx: replace legacy apiKey: field with auth: {type,token} in the A2AClient init snippet. - a2a-guide.mdx: add securitySchemes/security to the sample agent card so sellers declare the correct bearerAuth HTTPAuthSecurityScheme. https://claude.ai/code/session_019Syf6X1uxPcLgV9ggxixXB
bokelley
added
the
claude-triaged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #4223
adcp 4.5.0 ships per-leg
BearerTokenAuthconfig that makes the A2A leg RFC 6750-only (Authorization: Bearer <token>);x-adcp-authis now a back-compat alias accepted only on the MCP leg. Three doc errors were causing HTTP 401 for developers copy-pasting against 4.5.0 sellers. This PR corrects all three in two files.Changes:
docs/building/by-layer/L2/authentication.mdx— replaces the false "both legs use the same authentication header" claim with a per-leg alias policy; adds a<Warning>for sellers migrating thea2a_header_nameknob.docs/building/by-layer/L0/a2a-guide.mdx— updates theA2AClientinit snippet from the legacyapiKey:field toauth: { type: 'bearer', token: ... }; addssecuritySchemes/securityto the sample agent card so the card correctly declares abearerAuthHTTPAuthSecurityScheme.Non-breaking justification: docs-only update correcting examples to match already-shipped wire behavior (adcp 4.5.0). No schema, enum, task, or endpoint changes. Changeset is
--empty.Pre-PR review:
auth: { type, token }shape confirmed consistent with existingauthentication.mdxlines 334–342;--emptychangeset correct for docs-only fix of shipped behavior;build-a-caller.mdx:83auth_token:is MCP-specific and out of scope. One nit: "HTTPAuthSecurityScheme" term is non-standard prose — acceptable for now./docs/building/by-layer/L0/a2a-guide#agent-cardsvalid;<Warning>severity correct for production-401 migration callout;build-a-caller.mdx:83auth_token:is MCP (protocol: 'mcp') not A2A — not a gap for this PR. Per-leg distinction clear to a first-time reader.Session: https://claude.ai/code/session_019Syf6X1uxPcLgV9ggxixXB
Generated by Claude Code