class FederatedCredentialsBearer(ParentBearer): (source)
Constructor: FederatedCredentialsBearer(federated_credentials, service_account_id, channel, max_retries, ...)
Bearer that exchanges federated credentials for access tokens.
The class composes an ExchangeableBearer (performs the
token exchange) wrapped by RenewableBearer (background
refresh). It is a convenience wrapper for the common case where a
consumer has federated credentials stored in a file or provided via
a reader.
If the federated credentials originate from a file, the resulting
bearer is wrapped in a NamedBearer to provide a stable cacheable name.
Parameters are the same as for the underlying components and are passed through accordingly. See the examples in the module docstring for common usage patterns.
Example
Construct a bearer and use it to initialize the SDK:
from asyncio import Future
from nebius.sdk import SDK
from nebius.aio.token.federated_credentials import FederatedCredentialsBearer
# Create a future for the channel that will be resolved with the SDK
channel_future = Future()
sdk = SDK(credentials=FederatedCredentialsBearer(
federated_credentials="/path/to/fed-credentials.json",
service_account_id="your-service-account-id",
channel=channel_future,
))
# Resolve the future with the newly created SDK
channel_future.set_result(sdk)
| Parameters | |
| federated | Either a reader, a token requester
or a string path pointing to a file containing federated
credentials. When a string is provided it is interpreted via
FileFederatedCredentials. |
| service | Required when federated_credentials is a reader or a string; identifies the target service account for the exchange. |
| channel | Optional gRPC channel used for token exchange or
a DeferredChannel that resolves to a channel later. |
| max | Maximum per-request retry attempts. |
| lifetime | Fraction of token lifetime before triggering refresh. |
| initial | Initial retry backoff. |
| max | Maximum retry backoff. |
| retry | Exponential backoff base. |
| refresh | Timeout for a single refresh request. |
| Method | __init__ |
Create a federated credentials backed bearer. |
| Method | receiver |
Return a per-request receiver constructed from the underlying renewable bearer. |
| Method | set |
Attach a concrete gRPC channel to the underlying exchangeable. |
| Property | wrapped |
Return the outermost wrapped bearer (typically the renewable source). |
| Instance Variable | _exchangeable |
Undocumented |
| Instance Variable | _source |
Undocumented |
Inherited from Bearer:
| Async Method | close |
Close the bearer and any wrapped resources. |
| Property | name |
Optional human-readable name for the bearer. |
FederatedCredentialsTokenRequester | FederatedCredentialsReader | str, service_account_id: str | None = None, channel: ClientChannelInterface | DeferredChannel | None = None, max_retries: int = 2, lifetime_safe_fraction: float = 0.9, initial_retry_timeout: timedelta = timedelta(timedelta = timedelta(float = 1.5, refresh_request_timeout: timedelta = timedelta(Create a federated credentials backed bearer.
Attach a concrete gRPC channel to the underlying exchangeable.
This is a simple convenience method that forwards the channel to
the embedded ExchangeableBearer.
nebius.aio.token.token.Bearer.wrappedReturn the outermost wrapped bearer (typically the renewable source).
| Returns | |
The wrapped ParentBearer used by this convenience wrapper. |