Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-20 02:10:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

🔐 feat: Implement Entra ID authentication for Azure OpenAI integration

Browse source 
- Added support for Entra ID authentication in OpenAIClient and related services.
- Updated header management to conditionally use Entra ID access tokens or API keys based on environment configuration.
- Introduced utility functions for Entra ID token retrieval and credential management.
- Enhanced tests to verify Entra ID authentication flow and its integration with Azure configurations.
This commit is contained in:
victorbjorkgren 2025-09-12 17:29:43 +02:00 committed by victorbjor
parent a1471c2f37
commit 9288e84454
9 changed files with 212 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

24
packages/api/src/endpoints/openai/initialize.ts
View file

@ -6,7 +6,7 @@ import type {
UserKeyValues,
} from '~/types';
import { createHandleLLMNewToken } from '~/utils/generators';
import { getAzureCredentials } from '~/utils/azure';
import { getAzureCredentials, getEntraIdAccessToken, shouldUseEntraId } from '~/utils/azure';
import { isUserProvided } from '~/utils/common';
import { resolveHeaders } from '~/utils/env';
import { getOpenAIConfig } from './config';
@ -110,12 +110,30 @@ export const initializeOpenAI = async ({
if (!clientOptions.headers) {
clientOptions.headers = {};
}
clientOptions.headers['api-key'] = apiKey;
if (shouldUseEntraId()) {
clientOptions.headers['Authorization'] = `Bearer ${await getEntraIdAccessToken()}`;
} else {
clientOptions.headers['api-key'] = apiKey || '';
}
} else {
apiKey = azureOptions.azureOpenAIApiKey || '';
clientOptions.azure = azureOptions;
if (shouldUseEntraId()) {
apiKey = 'entra-id-placeholder';
clientOptions.headers['Authorization'] = `Bearer ${await getEntraIdAccessToken()}`;
}
}
} else if (isAzureOpenAI) {
clientOptions.azure =
userProvidesKey && userValues?.apiKey ? JSON.parse(userValues.apiKey) : getAzureCredentials();
apiKey = clientOptions.azure ? clientOptions.azure.azureOpenAIApiKey : undefined;
if (shouldUseEntraId()) {
clientOptions.headers = {
...clientOptions.headers,
Authorization: `Bearer ${await getEntraIdAccessToken()}`,
};
} else {
apiKey = clientOptions.azure ? clientOptions.azure.azureOpenAIApiKey : undefined;
}
}
if (userProvidesKey && !apiKey) {