:py:mod:`oauth2_service_token`
==============================

.. py:module:: oauth2_service_token

.. autoapi-nested-parse::

   OAuth2 service token framework for authenticating internal API clients.

   This module defines a generic `OAuth2ServiceToken` base class for retrieving
   and caching OAuth2 access tokens using client credentials. It also includes a
   `OAuth2ServiceTokenFactory` to construct and manage tokens for specific services,
   such as the Site Capabilities API.

   Caching, scope extension, and audience targeting are supported, allowing reuse
   and fine-grained access control of service tokens.



Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   oauth2_service_token.OAuth2ServiceToken




.. py:class:: OAuth2ServiceToken(shortname, default_scopes, audience, client, iam_token_endpoint, try_use_cache = True, cache = None, cache_key_prefix = 'X', additional_scopes = None, logger=logging.getLogger('uvicorn'))


   Bases: :py:obj:`abc.ABC`

   .. autoapi-inheritance-diagram:: oauth2_service_token.OAuth2ServiceToken
      :parts: 1
      :private-bases:

   A base class for retrieving service tokens. This allows for different clients to be used & parameters to be
   easily modified and restricted, e.g. scope locked storage.[read|write|modify]:/* tokens for download and upload.

   .. py:method:: get(force_renew=False)
      :async:

      Retrieve an access token for the configured OAuth2 client.

      If caching is enabled and a valid token exists in the cache, it will be returned.
      Otherwise, a new token will be requested from the IAM token endpoint using
      client credentials.