Authorization for a user principal
Applications that make API requests to Omniverse services that require authentication must integrate with the Identity Provider to authenticate users with OpenID Connect or other authentication mechanisms (Omniverse APIs will use OpenID Connect for their reference implementations).
When an application calls an Omniverse Service on behalf of the user, it must pass authentication information received from the Identity Provider within the request. The Omniverse Service may call the Permission Service to verify the user identity and check if the user is authorized to call the API. The Permission Service retrieves public keys from the Identity Provider and validates the user information. If it’s valid, the Permission Service uses the underlying authorization system to verify that the user can perform the specified action in the system.
The sequence diagram below demonstrates how the Customer Application can use Authorization Flow with PKCE (RFC 7636) to authenticate the user with OpenID Connect and call an Omniverse Service:
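The PKCE part of that flow (RFC 7636, `S256` method), shown from both sides as an added example; it is not code from the Omniverse documentation or its reference implementations. The function names, the `idp.example` endpoint, the `demo-app` client ID and the loopback redirect URI are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def s256_challenge(code_verifier):
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding."""
    if not _VERIFIER_RE.fullmatch(code_verifier):
        raise ValueError("code_verifier violates RFC 7636 section 4.1")
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_pkce_pair():
    """Client side: fresh high-entropy verifier (kept secret) and its challenge."""
    verifier = secrets.token_urlsafe(32)  # 32 random bytes -> 43 characters
    return verifier, s256_challenge(verifier)


def authorization_url(endpoint, client_id, redirect_uri, challenge, state):
    """Front-channel request: carries only the challenge, never the verifier."""
    return endpoint + "?" + urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": "openid", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })


def token_endpoint_accepts(stored_challenge, presented_verifier):
    """Identity Provider side: recompute the challenge when the code is redeemed."""
    try:
        expected = s256_challenge(presented_verifier)
    except ValueError:
        return False  # malformed or too-short verifier is rejected outright
    return hmac.compare_digest(expected, stored_challenge)


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    # Constructed sample values; idp.example and demo-app are placeholders.
    print(authorization_url("https://idp.example/authorize", "demo-app",
                            "http://127.0.0.1:8400/callback", challenge,
                            secrets.token_urlsafe(16)))
    print(token_endpoint_accepts(challenge, verifier))
```

An authorization code intercepted on the redirect cannot be redeemed without the verifier, which only ever travels on the back-channel token request.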