Azure Entra ID authentication
Enterprise h2oGPTe supports Azure Entra ID (formerly Azure Active Directory) as an authentication method for the Python client. Use this method when your organization manages identity through Azure Entra ID and you want to authenticate programmatically without an API key.
Prerequisites​
- A valid Azure Entra ID access token issued for your Enterprise h2oGPTe instance. To get a token, follow your organization's Azure Entra ID token acquisition process, or see the Microsoft identity platform documentation.
- The Enterprise h2oGPTe Python client (
h2ogpte) installed in your environment.
Authenticate with Azure Entra ID​
Pass the azure_token parameter when you initialize any of the Python client classes.
Synchronous client:
from h2ogpte import H2OGPTE
client = H2OGPTE(
address="https://YOUR_H2OGPTE_URL",
azure_token="<YOUR_AZURE_TOKEN>",
)
Async client:
from h2ogpte import H2OGPTEAsync
client = H2OGPTEAsync(
address="https://YOUR_H2OGPTE_URL",
azure_token="<YOUR_AZURE_TOKEN>",
)
WebSocket client (SharedH2OGPTEClient):
from h2ogpte.shared_client import SharedH2OGPTEClient
client = SharedH2OGPTEClient(
address="https://YOUR_H2OGPTE_URL",
azure_token="<YOUR_AZURE_TOKEN>",
)
After you initialize the client, use it the same way you would with API key authentication. The azure_token parameter only changes how the client authenticates. The client sends your token with the Bearer-AD authorization scheme on every request.
The client sends the azure_token value as-is on every request and doesn't refresh it. If your token expires, create a new client instance with a fresh token. For automatic token refresh, use token_provider instead (available on H2OGPTE and H2OGPTEAsync).
Authentication methods​
The H2OGPTE and H2OGPTEAsync clients support three mutually exclusive authentication methods. Provide exactly one when you create a client instance.
| Parameter | Description |
|---|---|
api_key | Enterprise h2oGPTe API key (most common method). |
token_provider | Token provider that supplies a bearer token. |
azure_token | Azure Entra ID access token. |
SharedH2OGPTEClient(WebSocket client) supportsapi_keyandazure_tokenonly.token_providerisn't available for the WebSocket client.- Error messages from
SharedH2OGPTEClientreference onlyapi_keyandazure_token.
If you provide more than one parameter, the client raises a RuntimeError:
RuntimeError: api_key, token_provider, and azure_token are mutually exclusive. Please provide exactly one.
If you provide none, the client raises:
RuntimeError: Please use either an API key, a Token provider, or an Azure token to authenticate.
The exact error text varies by client class. SharedH2OGPTEClient references only api_key and azure_token in its error messages.
For available operations, see the Python Client guide.
- Submit and view feedback for this page
- Send feedback about Enterprise h2oGPTe to cloud-feedback@h2o.ai