
I am trying to get the @azure/openai Node.js package to work with a token received from OAuth2 (clientId, clientSecret) credentials, but it is not working.
Somewhere I've read that replacing the api-key with the token would work, but no luck.

import { OpenAIClient, AzureKeyCredential } from "@azure/openai";

async function run2() {
  const token = "<the-token>";
  const deploymentName = "<the-deployment-name>";
  const customUrl = "https://<resource-name>.openai.azure.com";

  // Attempt: pass the OAuth2 access token where an API key is expected
  const client = new OpenAIClient(
    customUrl,
    new AzureKeyCredential(token)
  );
  const response = await client.getChatCompletions(
    deploymentName,
    [{ role: "user", content: "How are you?" }]
  );

  console.log(response.choices![0]!.message!.content);
}

Has anyone tried this before?

2 Answers


  1. The AzureKeyCredential class is used for API key authentication only. You can indeed use a service principal to authenticate. You need to ensure you have registered an app and assigned the principal the "Cognitive Services User" role in your Azure OpenAI resource.

    Using the Azure SDKs for Node.js and Entra ID, you have a couple of options.

    Both of the below use the Azure Identity Library.

    npm install @azure/identity

    1. Use ClientSecretCredential

    You can specify your Client ID, Client Secret, and Tenant ID in code, or load it from configuration or KeyVault. Here’s an example:

    import { OpenAIClient } from "@azure/openai";
    import { ClientSecretCredential } from "@azure/identity";

    async function run2() {
      // Service principal credential; the SDK acquires and refreshes the token.
      const credential = new ClientSecretCredential(
        "<YOUR_TENANT_ID>",
        "<YOUR_CLIENT_ID>",
        "<YOUR_CLIENT_SECRET>"
      );
      const deploymentName = "<the-deployment-name>";
      const customUrl = "https://<resource-name>.openai.azure.com";

      const client = new OpenAIClient(customUrl, credential);
      const response = await client.getChatCompletions(
        deploymentName,
        [{ role: "user", content: "How are you?" }]
      );

      console.log(response.choices![0]!.message!.content);
    }
    
    2. Use AzureDefaultCredential

    If you configured your App Service to use System Managed Identity, or User-defined Managed Identity then you can use this class. This will obtain a token from Entra automatically.

    import { OpenAIClient } from "@azure/openai";
    import { DefaultAzureCredential } from "@azure/identity";

    async function run2() {
      const deploymentName = "<the-deployment-name>";
      const customUrl = "https://<resource-name>.openai.azure.com";

      // No secret in code: the credential is resolved from the hosting environment.
      const client = new OpenAIClient(customUrl, new DefaultAzureCredential());
      const response = await client.getChatCompletions(
        deploymentName,
        [{ role: "user", content: "How are you?" }]
      );

      console.log(response.choices![0]!.message!.content);
    }
    

    You do also have the option to use EnvironmentCredential, whereby you would set the appropriate environment variables for your app:

    • AZURE_TENANT_ID
    • AZURE_CLIENT_ID
    • AZURE_CLIENT_SECRET
  2. The Microsoft Authentication Library (MSAL) doesn’t provide a method to construct a TokenCredential using the token string, and OpenAIClient can only be passed types of this base type.

    You’ll need to create a custom token credential which extends TokenCredential. However, using this method, you will forfeit the built-in token lifecycle management mechanisms provided by the other TokenCredential types.

    const { OpenAIClient } = require('@azure/openai');

    // Custom credential that uses an existing token string.
    // TokenCredential is a TypeScript interface with no runtime value, so in
    // plain JavaScript the class implements getToken() rather than extending it.
    class CustomTokenCredential {
      constructor(token) {
        this.token = token;
        this.expiresOnTimestamp = Date.now() + 3600 * 1000; // Set an expiry time, e.g., 1 hour from now
      }

      // Implement the getToken method
      async getToken(scopes, options) {
        return {
          token: this.token,
          expiresOnTimestamp: this.expiresOnTimestamp
        };
      }
    }

    // Usage example
    async function main() {
      const token = 'your-existing-access-token'; // Replace with your token
      const credential = new CustomTokenCredential(token);
      // Pass the credential where the question passed AzureKeyCredential
      const client = new OpenAIClient('https://<resource-name>.openai.azure.com', credential);
    }
    
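The second answer notes that a hand-rolled credential gives up token lifecycle management. As an added example (not code from either answer or from the SDK), the sketch below takes the expiry from the token's own `exp` claim instead of assuming one hour, and rejects a token that is stale or issued for another audience. The names `StaticTokenCredential`, `validateToken`, `decodeClaims` and `makeSampleJwt` are hypothetical, the audience value is an assumption about Entra tokens for Azure OpenAI, and the sample tokens are constructed and unsigned.

```javascript
// Assumption: audience of an Entra token requested for Azure OpenAI.
const EXPECTED_AUDIENCE = "https://cognitiveservices.azure.com";

// Decode the JWT payload WITHOUT verifying the signature. This is only a local
// sanity check; the service still validates the signature on every request.
function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT (expected 3 dot-separated parts)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Return the token's real expiry in epoch milliseconds, or throw if unusable.
function validateToken(jwt, nowMs = Date.now(), skewMs = 60_000) {
  const { exp, aud } = decodeClaims(jwt);
  if (typeof exp !== "number") throw new Error("token has no exp claim");
  if (String(aud).replace(/\/$/, "") !== EXPECTED_AUDIENCE) {
    throw new Error(`token audience ${aud} is not ${EXPECTED_AUDIENCE}`);
  }
  const expiresOnTimestamp = exp * 1000;
  if (expiresOnTimestamp - skewMs <= nowMs) throw new Error("token is expired or about to expire");
  return expiresOnTimestamp;
}

// Has the shape a TokenCredential needs: an async getToken() that resolves to
// { token, expiresOnTimestamp }.
class StaticTokenCredential {
  constructor(jwt) {
    validateToken(jwt); // fail at construction, not on the first API call
    this.jwt = jwt;
  }
  async getToken(_scopes, _options) {
    // Re-check on every call so a token that has aged out is never handed over.
    return { token: this.jwt, expiresOnTimestamp: validateToken(this.jwt) };
  }
}

// Constructed sample tokens (unsigned, for this demo only).
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.sig`;
}
const nowSec = Math.floor(Date.now() / 1000);
const goodJwt = makeSampleJwt({ aud: EXPECTED_AUDIENCE, exp: nowSec + 1800 });
const staleJwt = makeSampleJwt({ aud: EXPECTED_AUDIENCE, exp: nowSec - 10 });
const wrongAudJwt = makeSampleJwt({ aud: "https://graph.microsoft.com", exp: nowSec + 1800 });
```

A credential like this still cannot renew the token; it only turns an expired or mis-scoped token into a clear local error, so `ClientSecretCredential` or `DefaultAzureCredential` remain the better fit when the client secret is available.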