Agentspace authorization access tokens no longer available in ToolContext.state["temp:*] #3274
Description
Describe the bug
When ADK is deployed on AgentEngine and registered as an Agent in Agentspace with an authorizer, the OAUTH access token the agent needs to communicate with an external service is passed as temp:<authorizer-id> to the agent. And before ADK 1.17.0, we were able to read these variables in the before_tool_callback method using the tool_context.state dict. But as of ADK Python v1.17.0, the tokens are no longer found within the state variable causing integrations to break.
I think this bug was introduced into the InMemorySessionService._create_session_impl() with the addition of the extract state deltas and the explicit removal of temp variables from state. So when create_session is called and state is passed in with the authorization keys under the temp: prefix, they are not added to state.
To Reproduce
Steps to reproduce the behavior:
- Use ADK 1.17.0
- Create a simple agent with a before_tool_callback method that reads
temp:<authorization_id>variables from state. - Deploy using agent engine with default AdkApp
- Create OAUTH Client and register client and scopes to an authorizer
- Register Agent with Agentspace with authorizer.
Expected behavior
OAuth credentials read from request.authorizations within the AdkApp should be accessible within ToolContext.state
Desktop (please complete the following information):
- OS: Linux (reproduced on Agent Engine)
- Python version: 3.13+
- ADK version: 1.17.0
Model Information:
- Are you using LiteLLM: No
- Which model is being used: gemini-2.5-flash
Additional context
Impact
- Severity: High - Breaks Agentspace + Authorizer authorization for ADK agents deployed onto Agent Engine using the default AdkApp
- Affected versions: v1.17.0 only
- Working version: v1.16.0