API Reference nova_auth_oidc v#0.1.3

View Source

Modules

Behaviour for OIDC authentication configuration. Implementing modules define OIDC providers, scopes, and callbacks. Configuration is cached in persistent_term for fast repeated access.

Client credentials flow for machine-to-machine authentication. Obtains and caches access tokens using the OAuth2 client credentials grant.

Nova controller for OpenID Connect authentication flows.

Token introspection (RFC 7662). Checks if an access token is active at the provider (e.g., not revoked or expired).

JWT bearer token validation for API protection. Validates JWTs issued by a configured OIDC provider using the provider's JWKS (fetched and cached by oidcc_provider_configuration_worker).

Nova plugin that protects routes by checking for an authenticated actor in the session. Uses nova_auth_actor for session storage, making it compatible with any auth strategy.

Nova security callbacks for OIDC-protected routes. Extends the base nova_auth_security with JWT bearer validation.

Supervisor for OIDC provider configuration workers. Each provider gets its own oidcc_provider_configuration_worker child that fetches and caches the provider's discovery document and JWKS.