class Receiver(ParentReceiver): (source)
Constructor: Receiver(client_id, federation_endpoint, federation_id, writer, ...)
Receiver that runs the federation interactive authorization.
Interactive authorization flow (what happens on fetch)
When Receiver._fetch is invoked the implementation will call the
helper nebius.aio.token.federation_bearer.auth.authorize which
performs the interactive federation handshake. The typical flow is:
- The helper constructs an authorization URL and either attempts to open
- the user's default browser or returns the URL for the caller to display.
- The helper will block while waiting for the user to complete the
- authorization in the browser (for example by granting access). This means Receiver._fetch may hang until the user completes the flow.
- The helper receives an authorization response containing an access token
- and expiry. The receiver converts this into a
nebius.aio.token.token.Tokenand returns it to the caller.
Where the URL is shown
- The authorization URL is logged at INFO/DEBUG levels so it appears in the
- project's logs.
Blocking considerations
Because the flow waits for the user's action, callers should be aware that
fetch can block for an extended period. Use reasonable timeouts when
calling Receiver._fetch or invoke the bearer within a background
task if you need the application to remain responsive.
| Parameters | |
| client | OAuth2 client identifier used during authorization. |
| federation | URL of the federation endpoint. |
| federation | Identifier of the users federation. |
| writer | Optional text writer used to display instructions to the user. |
| no | If true the implementation will not attempt to open a browser automatically but will just print a URL to the writer and logs. |
| ssl | Optional SSL context to use for HTTPS requests. |
| Method | __init__ |
Create a federation interactive receiver. |
| Method | can |
Decide whether an authorization error should be retried. |
| Async Method | _fetch |
Execute the interactive authorization flow and return a Token. |
| Instance Variable | _client |
Undocumented |
| Instance Variable | _federation |
Undocumented |
| Instance Variable | _federation |
Undocumented |
| Instance Variable | _no |
Undocumented |
| Instance Variable | _ssl |
Undocumented |
| Instance Variable | _writer |
Undocumented |
Inherited from Receiver:
| Async Method | fetch |
Fetch a token and record it as the latest value. |
| Property | latest |
Return the latest fetched token or None. |
| Instance Variable | _latest |
The most recently fetched token, or None if no token has been fetched yet. Implementations may update this to support inspection or caching by callers. |
str, federation_endpoint: str, federation_id: str, writer: TextIO | None = None, no_browser_open: bool = False, ssl_ctx: SSLContext | None = None):
(source)
¶
Create a federation interactive receiver.
Decide whether an authorization error should be retried.
The current implementation always permits retries. This is a simple policy because interactive flows commonly allow a user to retry the operation (for example if they decline the prompt initially).
| Parameters | |
err:Exception | The exception raised during fetch. |
options:dict[ | Unused; present for API compatibility. |
| Returns | |
bool | Always True in the current implementation. |
float | None = None, options: dict[ = None) -> Token:
(source)
¶
nebius.aio.token.token.Receiver._fetchExecute the interactive authorization flow and return a Token.
The implementation imports and calls
nebius.aio.token.federation_bearer.auth.authorize to
perform the protocol. The returned access token and expiration
information are converted into a
nebius.aio.token.token.Token.
| Parameters | |
timeout:float | None | Optional timeout in seconds forwarded to the authorization helper. |
options:dict[ | Unused; present for API compatibility. |
| Returns | |
Token | A Token containing the access token and expiration. |