
fix(tool/looker-conversational-analytics): OAuth token in GDA payload fix #3058

Merged
drstrangelooker merged 4 commits into googleapis:main from datadriven-works:main
Apr 15, 2026

Conversation

@flaviojdz

@flaviojdz flaviojdz commented Apr 14, 2026

Contributor

When using per-user OAuth (use_client_oauth: true), the ask_data_insights tool fails to authenticate with the Gemini Data Analytics API, while get_models and get_explores work correctly with the same token.

The MCP server extracts the full Authorization header value (e.g., "Bearer abc123") and passes it as accessToken to each tool's Invoke() method. The get_models/get_explores tools pass this to GetLookerSDK(), which sets it as an HTTP Authorization header where the "Bearer " prefix is expected. However, ask_data_insights was embedding the full "Bearer abc123" string into the JSON payload's access_token field sent to the GDA API, which expects only the raw token value.

The fix calls accessToken.ParseBearerToken() to strip the "Bearer " prefix before placing the token into the TokenBased struct. This only affects the OAuth code path; the SecretBased (client_id/client_secret) path is unchanged.

Before

oauth_creds.Token = TokenBased{AccessToken: string(accessToken)}
// Produces: {"access_token": "Bearer abc123"} -- rejected by GDA API

After

rawToken, err := accessToken.ParseBearerToken()
oauth_creds.Token = TokenBased{AccessToken: rawToken}
// Produces: {"access_token": "abc123"} -- correct

Files Changed

  • internal/tools/looker/lookerconversationalanalytics/lookerconversationalanalytics.go

PR Checklist

  • Make sure you reviewed CONTRIBUTING.md
  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)
  • Make sure to add ! if this involves a breaking change

🛠️ Fixes #3057

@flaviojdz flaviojdz requested review from a team as code owners April 14, 2026 18:18
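
The header-versus-payload mismatch described in the PR description, as an added example that is not code from this pull request or the project. `parseBearer` and `payloadFor` are hypothetical stand-ins (the real `ParseBearerToken()` implementation is not shown on this page), and the header values are constructed samples.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// TokenBased mirrors the struct named in the PR; the JSON tag is taken from
// the payload shown in the description.
type TokenBased struct {
	AccessToken string `json:"access_token"`
}

// parseBearer is a hypothetical stand-in for accessToken.ParseBearerToken():
// it takes an Authorization header value and returns only the credential.
func parseBearer(header string) (string, error) {
	scheme, token, found := strings.Cut(strings.TrimSpace(header), " ")
	if !found || !strings.EqualFold(scheme, "Bearer") {
		return "", errors.New("authorization value is not a Bearer credential")
	}
	token = strings.TrimSpace(token)
	if token == "" || strings.ContainsAny(token, " \t") {
		return "", errors.New("bearer token is empty or malformed")
	}
	return token, nil
}

// payloadFor builds the JSON body field from a header value and fails closed,
// so nothing but the raw token can end up in access_token.
func payloadFor(header string) (string, error) {
	raw, err := parseBearer(header)
	if err != nil {
		return "", err
	}
	b, err := json.Marshal(TokenBased{AccessToken: raw})
	return string(b), err
}

func main() {
	// Constructed sample header values, not real tokens.
	for _, h := range []string{"Bearer abc123", "bearer abc123", "abc123", "Bearer "} {
		p, err := payloadFor(h)
		fmt.Printf("%q -> %s (err: %v)\n", h, p, err)
	}
}
```

Returning an error for a value without the `Bearer` scheme, instead of passing it through unchanged, keeps a malformed header from being forwarded to the downstream API as if it were a token.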
@drstrangelooker

Contributor

/gcbrun

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor


Code Review

This pull request updates the Looker Conversational Analytics tool to properly parse bearer tokens using the ParseBearerToken method, replacing the previous direct string conversion. A review comment suggests simplifying the error handling by avoiding redundant error wrapping and instead returning the error directly if it satisfies the expected interface.

…ersationalanalytics.go


gemini code assist feedback

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@drstrangelooker drstrangelooker added the tests: run Label to trigger Github Action tests. label Apr 14, 2026
@drstrangelooker

Contributor

/gcbrun

@drstrangelooker drstrangelooker added the release candidate Use label to signal PR should be included in the next release. label Apr 14, 2026
@drstrangelooker drstrangelooker changed the title # fix(tool/looker-conversational-analytics): OAuth token in GDA payload fix fix(tool/looker-conversational-analytics): OAuth token in GDA payload fix Apr 14, 2026

@duwenxin99 duwenxin99 left a comment

Contributor


@flaviojdz Could you fix the lint error? Thanks!

@drstrangelooker

Contributor

Here is the git diff after running golangci-lint run --fix

diff --git a/internal/tools/looker/lookerconversationalanalytics/lookerconversationalanalytics.go b/internal/tools/looker/lookerconversationalanalytics/lookerconversationalanalytics.go
index 6d5e90e70ae..adb0f2a3613 100644
--- a/internal/tools/looker/lookerconversationalanalytics/lookerconversationalanalytics.go
+++ b/internal/tools/looker/lookerconversationalanalytics/lookerconversationalanalytics.go
@@ -249,7 +249,7 @@ func (t Tool) Invoke(ctx context.Context, resourceMgr tools.SourceProvider, para
        }
        oauth_creds := OAuthCredentials{}
        if source.UseClientAuthorization() {
-rawToken, err := accessToken.ParseBearerToken()
+               rawToken, err := accessToken.ParseBearerToken()
                if err != nil {
                        return nil, err.(util.ToolboxError)
                }
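
Review bot: The unchecked type assertion in `return nil, err.(util.ToolboxError)` inside the `if err != nil` branch will panic at runtime if `ParseBearerToken()` ever returns an error whose concrete type does not implement `util.ToolboxError`, turning a bad Authorization header into a crash instead of an authentication error. Prefer the two-value form, `tbErr, ok := err.(util.ToolboxError)`, and return a generic or wrapped error when `ok` is false. The only changed line in this hunk is an indentation fix, so running gofmt before pushing would avoid this kind of lint round-trip.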

@drstrangelooker

Contributor

@flaviojdz Also merge the latest changes in. Then we can merge.

@drstrangelooker drstrangelooker added the priority: p2 Moderately-important priority. Fix may not be included in next release. label Apr 14, 2026
@drstrangelooker

Contributor

/gcbrun

@drstrangelooker drstrangelooker merged commit 6632d96 into googleapis:main Apr 15, 2026
14 checks passed
@drstrangelooker

Contributor

Just an FYI @flaviojdz we are currently in code freeze for Next26. This will be released after next week.

@flaviojdz

flaviojdz commented Apr 15, 2026 via email

Contributor Author

Yuan325 added a commit that referenced this pull request May 7, 2026
🤖 I have created a release *beep* *boop*
---


## [1.2.0](v1.1.0...v1.2.0) (2026-05-07)


### Features

* Add support for HTTPS/TLS listener
([#3126](#3126))
([8bc385d](8bc385d))
* **source/bigquery:** Add maximumBytesBilled source config
([#2724](#2724))
([42f2d07](42f2d07))
* **source/cloud-storage:** Add bucket and object management tools
([#3129](#3129))
([8de9bcf](8de9bcf))
* **source/cloud-storage:** Add Cloud Storage source with list_objects
and read_object tools
([#3081](#3081))
([da27b37](da27b37))
* **source/cloud-storage:** Add write/copy/move/delete object tools
([#3139](#3139))
([b225fc4](b225fc4))
* **tools/knowledge-catalog:** Search Data Quality Scans
([#2444](#2444))
([1c63551](1c63551))


### Bug Fixes

* Allow converting string literal block with list
([#3050](#3050))
([36ab2a9](36ab2a9)),
closes [#3023](#3023)
* **mcp:** Implement router-level logger injection for MCP auth
([#3067](#3067))
([ccc7cf5](ccc7cf5))
* Prevent test.db from being created during unit tests
([#3042](#3042))
([d10d2ca](d10d2ca))
* Remove hardcoded * allowed origin for sse
([#3054](#3054))
([c4c7bd9](c4c7bd9))
* **sources/postgres:** Apply URL encoding to query string params
([#3020](#3020))
([6b860f4](6b860f4))
* **tool/looker-conversational-analytics:** OAuth token in GDA payload
fix ([#3058](#3058))
([6632d96](6632d96))
* **tools/bigquery-execute-sql:** Avoid surfacing invalid queries as MCP
500s ([#3056](#3056))
([7ed92c8](7ed92c8))
* **tools/looker:** Fix OAuth for Converational Analytics
([#3044](#3044))
([f9e3e55](f9e3e55))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
pavankrishna13 pushed a commit to pavankrishna13/genai-toolbox that referenced this pull request May 19, 2026

Labels

priority: p2 Moderately-important priority. Fix may not be included in next release. release candidate Use label to signal PR should be included in the next release. tests: run Label to trigger Github Action tests.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

ask_data_insights fails authentication when using per-user OAuth (use_client_oauth: true)

3 participants