nebius.api.nebius.iam.v1.OidcCredentialsProvider

class documentation

class OidcCredentialsProvider(pb_classes.Message): (source)

Constructor: OidcCredentialsProvider(initial_message, issuer_url, jwk_set_json)

View In Hierarchy

Undocumented

Method __dir__ Undocumented
Method __init__ Create a wrapper around a protobuf message instance.
Method issuer_url.setter Undocumented
Method jwk_set_json.setter Undocumented
Constant __PB2_DESCRIPTOR__ Undocumented
Constant __PY_TO_PB2__ Undocumented
Class Variable __mask_functions__ Undocumented
Property issuer_url It's not required provider OIDC issuer should be real OIDC provider, but should expose OIDC configuration with "/.well-known/openid-configuration" endpoint. Configuration should contains the "jwks_uri" endpoint where the JSON Web Key Set (JWKS) can be found; this set contains public keys used to verify JSON Web Tokens (JWTs) issued by an identity provider.
Property jwk_set_json Literally json, which represents JWKS with public keys for JWT verification. It worth mentioned that in a case of adding/rotating keys the jwk_set_json also should be updated here. Besides, the "issuer" parameter should be set even if the JWKS will be resolved locally.

Inherited from Message:

Class Method get_descriptor Return the protobuf descriptor for this message class.
Class Method is_credentials Return True if the field contains credentials.
Class Method is_sensitive Return True if the field is marked as sensitive.
Method __repr__ Return a human-readable representation of the message, sanitizing sensitive fields.
Method check_presence Check explicit presence for a field in the protobuf message.
Method get_full_update_reset_mask Build a reset mask for a full update of this message.
Method get_mask Return the tracked reset mask.
Method is_default Return True if a field equals its default value.
Method set_mask Replace the tracked reset mask.
Method which_field_in_oneof Return the set field name for a given oneof.
Instance Variable __PB2_CLASS__ Protobuf message class associated with this wrapper.
Instance Variable __pb2_message__ Underlying protobuf message instance.
Method _clear_field Clear a field and record it in the reset mask.
Method _get_field Return a field value with optional wrapping and presence handling.
Method _set_field Set a field value and update the reset mask.
Class Variable __credentials_fields Undocumented
Class Variable __default Undocumented
Class Variable __sensitive_fields Undocumented
Instance Variable __recorded_reset_mask Mask tracking fields cleared or set to default.
def __dir__(self) -> abc.Iterable[builtins.str]: (source)

Undocumented

def __init__(self, initial_message: message_1.Message | None = None, *, issuer_url: builtins.str | None | unset.UnsetType = unset.Unset, jwk_set_json: builtins.str | None | unset.UnsetType = unset.Unset): (source)
overrides nebius.base.protos.pb_classes.Message.__init__

Create a wrapper around a protobuf message instance.

Raises
AttributeErrorIf the wrapper is missing required class metadata.
@issuer_url.setter
def issuer_url(self, value: builtins.str | None): (source)

Undocumented

@jwk_set_json.setter
def jwk_set_json(self, value: builtins.str | None): (source)

Undocumented

__PB2_DESCRIPTOR__ = (source)
overrides nebius.base.protos.pb_classes.Message.__PB2_DESCRIPTOR__

Undocumented

Value
descriptor.DescriptorWrap[descriptor_1.Descriptor]('.nebius.iam.v1.OidcCredentia
lsProvider',
                                                   federated_credentials_pb2.DESCRIPTOR
,
                                                   descriptor_1.Descriptor)
__PY_TO_PB2__: builtins.dict[builtins.str, builtins.str] = (source)
overrides nebius.base.protos.pb_classes.Message.__PY_TO_PB2__

Undocumented

Value
{'issuer_url': 'issuer_url', 'jwk_set_json': 'jwk_set_json'}
__mask_functions__: dict = (source)
overrides nebius.base.protos.pb_classes.Message.__mask_functions__

Undocumented

@builtins.property
issuer_url: builtins.str = (source)

It's not required provider OIDC issuer should be real OIDC provider, but should expose OIDC configuration with "/.well-known/openid-configuration" endpoint. Configuration should contains the "jwks_uri" endpoint where the JSON Web Key Set (JWKS) can be found; this set contains public keys used to verify JSON Web Tokens (JWTs) issued by an identity provider.

Limitations for external OIDC providers:

  • token service limits the number of handled keys by 50. If your JWKS return more than 50, the only first 50 will be used for signature verifying.
  • response size for jwks_uri and "/.well-known/openid-configuration limited by 100KB.
@builtins.property
jwk_set_json: builtins.str = (source)

Literally json, which represents JWKS with public keys for JWT verification. It worth mentioned that in a case of adding/rotating keys the jwk_set_json also should be updated here. Besides, the "issuer" parameter should be set even if the JWKS will be resolved locally.