Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding support to authenticate AzureOpenAI via Microsoft Entra ID. #592

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Adding support to authenticate AzureOpenAI via Microsoft Entra ID. #592

wants to merge 2 commits into from

Conversation

edwardmfho
Copy link

Motivation

Many enterprise users access Azure OpenAI Service through their organization's Microsoft Entra ID credentials rather than API keys. This authentication method:

  • Provides better security by eliminating the need to manage and rotate API keys
  • Enables centralized access control and audit logging through Microsoft Entra ID
  • Aligns with enterprise security policies that prohibit API key usage
  • Allows seamless integration with existing Azure workflows and CI/CD pipelines

Currently, users need to manage API keys manually, which creates additional security overhead and doesn't align with enterprise security best practices. Adding Microsoft Entra ID support would make smolagents more accessible to enterprise users and teams already using Azure OpenAI Service.

Feature Description

The proposed feature would add support for Microsoft Entra ID authentication in smolagents, allowing users to authenticate using:

  • Managed Identities (for applications running in Azure)
  • Service Principals (for automated workflows)
  • Interactive browser-based authentication (for local development)

The authentication flow would integrate with the Azure Identity library (@azure/identity in JavaScript/TypeScript) to handle token acquisition and renewal transparently.

Code Example

import os
from smolagents.models import AzureOpenAIServerModel
from azure.identity import DefaultAzureCredential, get_bearer_token_provider

    token_provider = get_bearer_token_provider(
        DefaultAzureCredential(),
         "https://cognitiveservices.azure.com/.default")

   
    model = AzureOpenAIServerModel(
        args.model_id,
        azure_endpoint=os.getenv("AZURE_OPENAI_ENDPOINT"),
        azure_deployment=os.getenv("AZURE_DEPLOPYMENT_NAME"),
        azure_ad_token_provider=token_provider,
        api_version=os.getenv("AZURE_API_VERSION"),
        custom_role_conversions=custom_role_conversions,
        max_completion_tokens=8192,
        reasoning_effort="high",
    )

Reference to issue: #590

@edwardmfho edwardmfho mentioned this pull request Feb 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@edwardmfho