nat.authentication.oauth2.oauth2_resource_server_config

Classes

OAuth2ResourceServerConfig

OAuth 2.0 Resource Server authentication configuration.

Module Contents

class OAuth2ResourceServerConfig(/, **data: Any)

Bases: nat.data_models.authentication.AuthProviderBaseConfig

OAuth 2.0 Resource Server authentication configuration.

Supports:

• JWT access tokens via JWKS / OIDC Discovery / issuer fallback

• Opaque access tokens via RFC 7662 introspection

Create a new model by parsing and validating input data from keyword arguments.

Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.

self is explicitly positional-only to allow self as a field name.

issuer_url: str = None

scopes: list[str] = None

audience: str | None = None

jwks_uri: str | None = None

discovery_url: str | None = None

introspection_endpoint: str | None = None

client_id: str | None = None

client_secret: str | None = None

static _is_https_or_localhost(url: str) → bool

classmethod _require_valid_url(value: str | None, info)

_ensure_verification_path()

JWT path viable if any of: jwks_uri OR discovery_url OR issuer_url (fallback JWKS). Opaque path viable if: introspection_endpoint AND client_id AND client_secret.