OIDCTokenExchangeAuth

class eodag.plugins.authentication.token_exchange.OIDCTokenExchangeAuth(provider, config)

Token exchange implementation using

OIDCAuthorizationCodeFlowAuth token as subject.

Parameters:

• provider (str) – provider name

• config (PluginConfig) –

  Authentication plugin configuration:

  • subject (dict[str, Any]) (mandatory): The full OIDCAuthorizationCodeFlowAuth plugin configuration used to retrieve subject token

  • subject_issuer (str) (mandatory): Identifies the issuer of the subject_token

  • token_uri (str) (mandatory): The url to query to get the authorized token

  • client_id (str) (mandatory): The OIDC provider’s client ID of the eodag provider

  • audience (str) (mandatory): This parameter specifies the target client you want the new token minted for.

  • token_key (str) (mandatory): The key pointing to the token in the json response to the POST request to the token server

__init__(provider, config)

Parameters:

• provider (str)

• config (PluginConfig)

Methods

__init__(provider, config)
authenticate()	Authenticate
authenticate_objects(bucket_names_and_prefixes)	Authenticates with s3 and retrieves the available objects
validate_config_credentials()	Validate configured credentials

Attributes

GRANT_TYPE
REQUIRED_KEYS
SUBJECT_TOKEN_TYPE
plugins