Skip to main content

Authentication and authorization

H2O AI Engine Manager (AIEM) authenticates every request through the platform-managed identity provider and authorizes it against workspace-scoped RBAC roles. This page explains how both mechanisms work so that administrators understand the security model and developers know how to authenticate their API calls.

Authentication

AIEM does not manage user accounts or credentials. Instead, it delegates authentication to the platform-managed identity provider through OIDC/OAuth2. Users authenticate once with the identity provider and pass the resulting access token on every AIEM request.

Token validation

AIEM validates every access token before processing a request:

  1. Signature verification — AIEM verifies the token signature using the identity provider's public keys. Supported RSA algorithms: RS256, RS384, and RS512.
  2. Expiration check — Expired tokens are rejected.
  3. Issuer verification — The token's iss claim must match the configured OIDC issuer.

If validation fails, AIEM returns HTTP 401 (Unauthenticated).

How to pass the token

Pass the bearer token in the Authorization header on every request:

Authorization: Bearer <token>

This applies to REST API calls, the Python client, and curl.

Identity extraction

After validating the token, AIEM extracts the following claims:

ClaimPurpose
sub (subject)Unique user identifier, stored as users/<subject>.
Display name claimUser's display name, shown in engine creator fields.
Role claimOIDC roles from the identity provider, used for profile access restrictions (assigned_oidc_roles).

AIEM derives identity from the token on every request. There is no session state and no separate account creation step and a user's identity is established on their first authenticated API call.

Authorization

After authentication, AIEM checks whether the caller has permission to perform the requested operation in the target workspace.

Workspace-scoped model

All AIEM permissions are scoped to a workspace. The same user can hold different roles in different workspaces, for example, DAI Engine Admin in a platform workspace and DAI Engine Reader in a project workspace.

On each request, AIEM:

  1. Determines the target workspace from the resource name (for example, workspaces/my-project/daiEngines/abc).
  2. Queries H2O AuthZ server whether the requesting user is allowed to perform this action in this workspace.
  3. Allows or denies the request based on the result from H2O AuthZ server.
info

If the user lacks the required permission, AIEM returns HTTP 403 (Permission Denied).

Authorization actions

Every AIEM operation requires a specific authorization action, for example actions/enginemanager/daiEngines/CREATE. The RBAC roles and permissions page lists every action and which roles include it.

Profile-level access control

In addition to RBAC roles, engine profiles can restrict access to specific OIDC roles. When assigned_oidc_roles_enabled is true on a profile, AIEM checks the user's OIDC roles (from the identity provider token) against the profile's assigned_oidc_roles list before allowing engine creation with that profile. See Profile access restrictions for details.

API authentication examples

REST API with curl

# Obtain a token from your identity provider, then:
curl -H "Authorization: Bearer $TOKEN" \
https://ENGINEMANAGER_URL/v1/workspaces/my-project/daiEngines

Python client

The Python client handles authentication through the login flow:

from h2o_engine_manager import login

client = login(
environment="https://cloud.h2o.ai",
token_provider=lambda: "your-access-token",
)

See Python client login for the full authentication setup.


Feedback