nebius.api.nebius.iam.v1.OidcCredentialsProvider

class documentation

class OidcCredentialsProvider(pb_classes.Message): (source)

Constructor: OidcCredentialsProvider(initial_message, issuer_url, jwk_set_json)

Undocumented

Method	`__dir__`	Undocumented
Method	`__init__`	Undocumented
Method	`issuer_url.setter`	Undocumented
Method	`jwk_set_json.setter`	Undocumented
Constant	`__PB2_DESCRIPTOR__`	Undocumented
Constant	`__PY_TO_PB2__`	Undocumented
Class Variable	`__mask_functions__`	Undocumented
Property	`issuer_url`	It's not required provider OIDC issuer should be real OIDC provider, but should expose OIDC configuration with "/.well-known/openid-configuration" endpoint. Configuration should contains the "jwks_uri" endpoint where the JSON Web Key Set (JWKS) can be found; this set contains public keys used to verify JSON Web Tokens (JWTs) issued by an identity provider.
Property	`jwk_set_json`	Literally json, which represents JWKS with public keys for JWT verification. It worth mentioned that in a case of adding/rotating keys the jwk_set_json also should be updated here. Besides, the "issuer" parameter should be set even if the JWKS will be resolved locally.

Inherited from Message:

Class Method	`get_descriptor`	Undocumented
Class Method	`is_credentials`	Undocumented
Class Method	`is_sensitive`	Undocumented
Method	`__repr__`	Undocumented
Method	`check_presence`	Undocumented
Method	`get_full_update_reset_mask`	Undocumented
Method	`get_mask`	Undocumented
Method	`is_default`	Undocumented
Method	`set_mask`	Undocumented
Method	`which_field_in_oneof`	Undocumented
Class Variable	`__PB2_CLASS__`	Undocumented
Instance Variable	`__pb2_message__`	Undocumented
Method	`_clear_field`	Undocumented
Method	`_get_field`	Undocumented
Method	`_set_field`	Undocumented
Class Variable	`__credentials_fields`	Undocumented
Class Variable	`__default`	Undocumented
Class Variable	`__sensitive_fields`	Undocumented
Instance Variable	`__recorded_reset_mask`	Undocumented

def __dir__(self) -> abc.Iterable[builtins.str]: (source) ¶

Undocumented

overrides nebius.base.protos.pb_classes.Message.__init__

Undocumented

@issuer_url.setter
def issuer_url(self, value: builtins.str | None): (source) ¶

Undocumented

@jwk_set_json.setter
def jwk_set_json(self, value: builtins.str | None): (source) ¶

Undocumented

__PB2_DESCRIPTOR__ = (source) ¶

overrides nebius.base.protos.pb_classes.Message.__PB2_DESCRIPTOR__

Undocumented

Value

descriptor.DescriptorWrap[descriptor_1.Descriptor]('.nebius.iam.v1.OidcCredentia↵
lsProvider',
                                                   federated_credentials_pb2.DESCRIPTOR↵
,
                                                   descriptor_1.Descriptor)

__PY_TO_PB2__: builtins.dict[builtins.str, builtins.str] = (source) ¶

overrides nebius.base.protos.pb_classes.Message.__PY_TO_PB2__

Undocumented

Value

{'issuer_url': 'issuer_url', 'jwk_set_json': 'jwk_set_json'}

__mask_functions__: dict = (source) ¶

overrides nebius.base.protos.pb_classes.Message.__mask_functions__

Undocumented

@builtins.property
issuer_url: builtins.str = (source) ¶

It's not required provider OIDC issuer should be real OIDC provider, but should expose OIDC configuration with "/.well-known/openid-configuration" endpoint. Configuration should contains the "jwks_uri" endpoint where the JSON Web Key Set (JWKS) can be found; this set contains public keys used to verify JSON Web Tokens (JWTs) issued by an identity provider.

Limitations for external OIDC providers:

token service limits the number of handled keys by 50. If your JWKS return more than 50, the only first 50 will be used for signature verifying.
response size for jwks_uri and "/.well-known/openid-configuration limited by 100KB.

@builtins.property
jwk_set_json: builtins.str = (source) ¶

Literally json, which represents JWKS with public keys for JWT verification. It worth mentioned that in a case of adding/rotating keys the jwk_set_json also should be updated here. Besides, the "issuer" parameter should be set even if the JWKS will be resolved locally.