nebius.aio.token.federation_bearer

Interactive authorization flow (what happens on fetch)

When Receiver._fetch is invoked the implementation will call the helper nebius.aio.token.federation_bearer.auth.authorize which performs the interactive federation handshake. The typical flow is:

1. The helper constructs an authorization URL and either attempts to open

   the user's default browser or returns the URL for the caller to display.

2. The helper will block while waiting for the user to complete the

   authorization in the browser (for example by granting access). This means Receiver._fetch may hang until the user completes the flow.

3. The helper receives an authorization response containing an access token

   and expiry. The receiver converts this into a nebius.aio.token.token.Token and returns it to the caller.

Where the URL is shown

• The authorization URL is logged at INFO/DEBUG levels so it appears in the project's

  logs.

• If a writer text stream is provided to the Receiver or

  the Bearer, the URL (and short instructions) will also be written to that stream so callers can present it directly to a user (for example printing to stdout).

Blocking considerations

Because the flow waits for the user's action, callers should be aware that fetch can block for an extended period. Use reasonable timeouts when calling Receiver._fetch or invoke the bearer within a background task if you need the application to remain responsive.

Classes

• Receiver -- A receiver that executes the interactive

  authorization flow and returns a nebius.aio.token.token.Token.

• Bearer -- A small bearer wrapper exposing the receiver and a

  canonical Bearer.name used for caching and logging.

Example

Construct a bearer and fetch a token:

bearer = Bearer(profile_name, client_id, endpoint, federation_id)
token = await bearer.receiver().fetch()