nebius.aio.token.federation

class documentation

class Bearer(ParentBearer): (source)

Constructor: Bearer(profile_name, client_id, federation_endpoint, federation_id, ...)

Bearer that exposes a federation interactive receiver.

The bearer is a lightweight wrapper that holds configuration used to construct Receiver instances. It also exposes a stable name used for caching and identification.

Interactive authorization flow (what happens on `fetch`)

When Receiver._fetch is invoked the implementation will call the helper nebius.aio.token.federation_bearer.auth.authorize which performs the interactive federation handshake. The typical flow is:

The helper constructs an authorization URL and either attempts to open

the user's default browser or returns the URL for the caller to display.
The helper will block while waiting for the user to complete the

authorization in the browser (for example by granting access). This means Receiver._fetch may hang until the user completes the flow.
The helper receives an authorization response containing an access token

and expiry. The receiver converts this into a nebius.aio.token.token.Token and returns it to the caller.

Where the URL is shown

The authorization URL is logged at INFO/DEBUG levels so it appears in the

project's logs.
If a writer text stream is provided to the Receiver or

the Bearer, the URL (and short instructions) will also be written to that stream so callers can present it directly to a user (for example printing to stdout).

Blocking considerations

Because the flow waits for the user's action, callers should be aware that fetch can block for an extended period. Use reasonable timeouts when calling Receiver._fetch or invoke the bearer within a background task if you need the application to remain responsive.

Example

Construct a bearer and use it to initialize the SDK:

from nebius.sdk import SDK
from nebius.aio.token.federation_bearer import Bearer
import sys

sdk = SDK(credentials=Bearer(
    profile_name="not-a-cli-profile",
    client_id="my-client-id",
    federation_endpoint="auth.eu.nebius.com",
    federation_id="federation-e00my-federation",
    writer=sys.stdout,
    no_browser_open=True,
))

Parameters
profile_name	Human-readable profile name that will be included in `name`.
client_id	OAuth2 client identifier.
federation_endpoint	Federation endpoint URL.
federation_id	Identifier of users federation.
writer	Optional text writer used to display instructions.
no_browser_open	When true the receiver will not attempt to open a browser automatically.
ssl_ctx	Optional SSL context for HTTPS requests.

Method	`__init__`	Create a federation interactive bearer.
Method	`receiver`	Return a new `Receiver` bound to this bearer's configuration.
Property	`name`	Optional human-readable name for the bearer.
Instance Variable	`_client_id`	Undocumented
Instance Variable	`_federation_endpoint`	Undocumented
Instance Variable	`_federation_id`	Undocumented
Instance Variable	`_no_browser_open`	Undocumented
Instance Variable	`_profile_name`	Undocumented
Instance Variable	`_ssl_ctx`	Undocumented
Instance Variable	`_tasks`	Undocumented
Instance Variable	`_writer`	Undocumented

Inherited from Bearer:

Async Method	`close`	Close the bearer and any wrapped resources.
Property	`wrapped`	Return the wrapped bearer or `None` if not wrapping.

def __init__(self, profile_name: str, client_id: str, federation_endpoint: str, federation_id: str, writer: TextIO | None = None, no_browser_open: bool = False, ssl_ctx: SSLContext | None = None): (source) ¶

Create a federation interactive bearer.

def receiver(self) -> ParentReceiver: (source) ¶

overrides nebius.aio.token.token.Bearer.receiver

Return a new Receiver bound to this bearer's configuration.