Describe the bug

I tried to get user-auth working with an OpenAPI toolset based on this documentation.

The initial user query causes multiple sequential openapi tool calls, the first triggering the authorization flow.
After the adk_request_credential function response was provided with the authorization code following things happen:

1. The execution of the first tool call triggering the authorization is resumed
2. The authorization code is exchanged against an token
3. The API call succeeds
4. The next tool call tries to exchange the authorization code against a token, resulting in the error below
5. The API call fails
6. The tool calls end up in endless loop, starting over resuming of the triggering tool which now fails again

Failed to exchange OAuth2 tokens: invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

I tried the flow via dev-ui, as well as via CLI with the provided helper functions.

To summarize: After resuming the execution, the first tool call is able to see the authorization code and get a token correctly. Every subsequent tool call does not see the token, rather only the authorization code and tries to fetch a token again which fails.

The problem does not appear when the initial user query is written in a way that it causes a single tool call.

My assumption is that this has to do with how session state is persisted and loaded.

To Reproduce
Steps to reproduce the behavior:

• Follow this documentation
• Use authentication with 2 consecutive tool calls

Expected behavior

I would expect that the second tool call to use the same oauth token as retrieved by the first tool call.

Screenshots

No screenshots available yet.

Desktop (please complete the following information):

• Linux
• Python 3.11.2
• ADK version 1.6.1 (also tried on a4baa35b847266f1efd7a497b3a36b8220e3eb3a)

Model Information:

• gemini-2.0-flash