nat.plugins.a2a.server.oauth_middleware

OAuth 2.0 token validation middleware for A2A servers.

Attributes

logger

Classes

OAuth2ValidationMiddleware

OAuth2 Bearer token validation middleware for A2A servers.

Module Contents

logger

class OAuth2ValidationMiddleware(

app,

config: nat.authentication.oauth2.oauth2_resource_server_config.OAuth2ResourceServerConfig,

)

Bases: starlette.middleware.base.BaseHTTPMiddleware

OAuth2 Bearer token validation middleware for A2A servers.

Validates Bearer tokens using NAT’s BearerTokenValidator which supports: - JWT validation via JWKS (RFC 7519) - Opaque token validation via introspection (RFC 7662) - OIDC discovery - Scope and audience enforcement

The middleware allows public access to the agent card discovery endpoint (/.well-known/agent.json) and validates all other A2A requests.

Initialize OAuth2 validation middleware.

Args:

app: Starlette application config: OAuth2 resource server configuration

validator

async dispatch(request: starlette.requests.Request, call_next)

Validate OAuth2 Bearer token for all requests except agent card discovery.

Args:

request: Incoming HTTP request call_next: Next middleware/handler in chain

Returns:

HTTP response (either error or result from next handler)