nat.authentication.oauth2.oauth2_resource_server_config

Classes

OAuth2ResourceServerConfig

OAuth 2.0 Resource Server authentication configuration.

Module Contents

class OAuth2ResourceServerConfig

Bases: nat.data_models.authentication.AuthProviderBaseConfig

OAuth 2.0 Resource Server authentication configuration.

Supports:

• JWT access tokens via JWKS / OIDC Discovery / issuer fallback

• Opaque access tokens via RFC 7662 introspection

issuer_url: str = None

scopes: list[str] = None

audience: str | None = None

jwks_uri: str | None = None

discovery_url: str | None = None

introspection_endpoint: str | None = None

client_id: str | None = None

client_secret: nat.data_models.common.OptionalSecretStr = None

client_auth_method: str | None = None

static _is_https_or_localhost(url: str) → bool

classmethod _require_valid_url(value: str | None, info)

classmethod _validate_client_auth_method(value: str | None)

_ensure_verification_path()

JWT path viable if any of: jwks_uri OR discovery_url OR issuer_url (fallback JWKS). Opaque path viable if: introspection_endpoint AND client_id AND client_secret.