Google A2A Protocol Integration
The A2A provider gives your agents governed credentials for the Google Agent-to-Agent Protocol — populate agent cards, validate incoming agent tokens, and issue scope-filtered credentials for A2A tasks.
Setup
import { WisperaA2AProvider } from '@anthropics/id-wispera';
const a2a = new WisperaA2AProvider({ vaultPath: '~/.id-wispera' });
Agent Credentials
Populate an Agent Card with auth token, agent ID, scopes, and expiry from a vault passport.
const agentCreds = await a2a.getAgentCredentials('my-agent');
// → { auth_token: '...', agent_id: '...', scopes: [...], expires_at: '...' }
Validate Agent Auth
Validate an incoming agent token against the vault. Returns the agent ID on success, or an error on failure.
const result = await a2a.validateAgentAuth(incomingToken, 'expected-agent');
// Success: { valid: true, agent_id: 'expected-agent' }
// Failure: { valid: false, error: 'Token does not match any known agent' }
Use validateAgentAuth as middleware in your A2A task handler to authenticate every inbound request before processing.
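One way to wire this in, as an added example rather than id-wispera's own code: a fail-closed gate that receives the validator as a parameter and only runs the task handler for an authenticated caller. The `Authorization: Bearer` header, the request/response shapes, and the names `extractBearer`, `authenticateA2ARequest`, `requireAgent` and `stubValidate` are assumptions for illustration.

```javascript
// Added example: fail-closed authentication gate around validateAgentAuth.
// `validate` is any function with the call and result shape shown on this page:
//   (token, expectedAgentId) => Promise<{ valid, agent_id?, error? }>
// Header layout and request/response shapes below are assumptions.

function extractBearer(headers) {
  const value = headers && (headers.authorization || headers.Authorization);
  if (typeof value !== 'string') return null;
  const match = /^Bearer\s+(\S+)$/i.exec(value.trim());
  return match ? match[1] : null;
}

async function authenticateA2ARequest(validate, req, expectedAgentId) {
  const token = extractBearer(req.headers);
  if (!token) return { status: 401, error: 'missing or malformed bearer token' };

  let result;
  try {
    result = await validate(token, expectedAgentId);
  } catch (err) {
    // Validator threw (for example, vault unreadable): deny, never fall through.
    return { status: 503, error: 'authentication backend unavailable' };
  }
  // Require an explicit `valid === true` and the agent we expected; the
  // validator's own error text is not echoed back to the caller.
  if (!result || result.valid !== true || result.agent_id !== expectedAgentId) {
    return { status: 401, error: 'agent authentication failed' };
  }
  return { status: 200, agentId: result.agent_id };
}

// Wraps a task handler so it is only invoked after authentication succeeds.
function requireAgent(validate, expectedAgentId, handler) {
  return async (req) => {
    const auth = await authenticateA2ARequest(validate, req, expectedAgentId);
    if (auth.status !== 200) return { status: auth.status, body: { error: auth.error } };
    return handler(req, auth.agentId);
  };
}

// Constructed stand-in for a2a.validateAgentAuth so the sketch runs offline.
const stubValidate = async (token, expected) =>
  token === 'constructed-good-token'
    ? { valid: true, agent_id: expected }
    : { valid: false, error: 'Token does not match any known agent' };
```

With the provider from Setup, pass `(token, id) => a2a.validateAgentAuth(token, id)` in place of `stubValidate`.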
Task Credentials
Get scope-filtered credentials for a specific A2A task. Only credentials whose scopes intersect with the required scopes are returned.
const taskCreds = await a2a.getTaskCredentials(
  'task-456',                        // task ID
  ['storage.read', 'bigquery.read'], // required scopes
  ['gcp-data-key', 'gcp-bq-key'],    // passport names to check
);
Google Cloud Key
Retrieve a Google Cloud API key for A2A service calls.
const gcpKey = await a2a.getGoogleCloudKey('gcp-service-key');
Full Example
import { WisperaA2AProvider } from '@anthropics/id-wispera';
const a2a = new WisperaA2AProvider({ vaultPath: '~/.id-wispera' });
// Publish an Agent Card
const agentCreds = await a2a.getAgentCredentials('my-agent');
console.log('Agent ID:', agentCreds.agent_id);
console.log('Scopes:', agentCreds.scopes);
// Validate an incoming request
// (incomingToken is the token presented by the calling agent on the inbound request)
const authResult = await a2a.validateAgentAuth(incomingToken, 'expected-agent');
if (!authResult.valid) {
  throw new Error(authResult.error);
}
// Issue task-scoped credentials
const taskCreds = await a2a.getTaskCredentials(
  'task-789',
  ['storage.read'],
  ['gcp-data-key'],
);