mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[GH-ISSUE #16629] feat: Allow authenticating to AzureOpenAI using DefaultAzureCredential() #104978
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @selenecodes on GitHub (Aug 14, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/16629
Check Existing Issues
Problem Description
Currently when using AzureOpenAI you are required to pass an API key.
Current location where Azure authentication happens (to my knowledge):
438e5d966f/backend/open_webui/routers/openai.py (L856-L859)Desired Solution you'd like
Being able to authenticate using a
DefaultAzureCredential()as an option would be preferred so that you have to worry less about API key rotation as you would get short-lived access tokens on every request. Would also save the hassle of having to rotate your keys.Alternatives Considered
No response
Additional Context
Relevant example from the openai_python library.
See: openai-python/src/openai/lib/azure.py for full code.
The
self._azure_ad_token_providerwould beget_bearer_token_provider, see below:This provider would be called on every request like this.
See: openai-python/src/openai/lib/azure.py for full code.