Summary
The Pub/Sub and Eventarc trigger handlers use raw resource identifiers as user_id when creating sessions. These identifiers contain slashes, which makes the resulting sessions difficult to query via the ADK's REST session APIs.
Details
In trigger_routes.py:414, the Pub/Sub handler sets:
user_id = req.subscription or "pubsub-caller"
Pub/Sub push deliveries always send the fully-qualified subscription path:
projects/my-project/subscriptions/my-sub
Similarly, the Eventarc handler at trigger_routes.py:480 sets:
user_id = req.source or request.headers.get("ce-source") or "eventarc-caller"Eventarc sources look like //pubsub.googleapis.com/projects/my-project/topics/my-topic.
These values are used as user_id when creating sessions. Sessions are created and stored successfully, but retrieving them via the session list endpoint at adk_web_server.py:1347 is not possible because user_id is a URL path parameter:
GET /apps/{app_name}/users/{user_id}/sessions
ASGI/Starlette decodes %2F → / before routing, so a user_id containing slashes causes the request to 404 or match the wrong route.
Suggested fix
Replace slashes with a safe delimiter (--) to preserve the full resource path while keeping the user_id queryable:
# Pub/Sub: "projects/p/subscriptions/my-sub" → "projects--p--subscriptions--my-sub"
subscription = req.subscription or "pubsub-caller"
user_id = subscription.replace("/", "--")
# Eventarc: "//pubsub.googleapis.com/projects/p/topics/t" → "pubsub.googleapis.com--projects--p--topics--t"
source = req.source or request.headers.get("ce-source") or "eventarc-caller"
user_id = source.strip("/").replace("/", "--")This keeps the full resource identity intact, avoids information loss, and produces user_id values that are safe to use in URL path parameters.
Workaround
Add ASGI middleware to normalize the subscription field in the request body before it reaches the trigger handler.
Summary
The Pub/Sub and Eventarc trigger handlers use raw resource identifiers as
user_idwhen creating sessions. These identifiers contain slashes, which makes the resulting sessions difficult to query via the ADK's REST session APIs.Details
In
trigger_routes.py:414, the Pub/Sub handler sets:Pub/Sub push deliveries always send the fully-qualified subscription path:
Similarly, the Eventarc handler at
trigger_routes.py:480sets:Eventarc sources look like
//pubsub.googleapis.com/projects/my-project/topics/my-topic.These values are used as
user_idwhen creating sessions. Sessions are created and stored successfully, but retrieving them via the session list endpoint atadk_web_server.py:1347is not possible becauseuser_idis a URL path parameter:ASGI/Starlette decodes
%2F→/before routing, so auser_idcontaining slashes causes the request to 404 or match the wrong route.Suggested fix
Replace slashes with a safe delimiter (
--) to preserve the full resource path while keeping theuser_idqueryable:This keeps the full resource identity intact, avoids information loss, and produces
user_idvalues that are safe to use in URL path parameters.Workaround
Add ASGI middleware to normalize the
subscriptionfield in the request body before it reaches the trigger handler.