github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-24 03:18:21 -05:00
Code Issues 2.4k Packages Projects Releases 129 Wiki Activity

[GH-ISSUE #24761] feat: Support Azure AI Foundry OpenAI v1 endpoint with Microsoft Entra ID authentication. #107392

New Issue
Open
opened 2026-05-18 06:11:38 -05:00 by GiteaMirror · 2 comments
GiteaMirror commented 2026-05-18 06:11:38 -05:00
Owner
Copy Link

Originally created by @jonatanbielawski-stx on GitHub (May 15, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/24761

Check Existing Issues

  • I have searched for all existing open AND closed issues and discussions for similar requests. I have found none that is comparable to my request.

Verify Feature Scope

  • I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions.

Problem Description

Open WebUI currently supports Microsoft Entra ID authentication when using the Azure OpenAI provider. However, this provider builds requests using the classic Azure OpenAI deployment URL format:

/openai/deployments/{model}/chat/completions?api-version={api_version}

This works for classic Azure OpenAI resources such as:

https://.openai.azure.com

However, Azure AI Foundry OpenAI-compatible v1 endpoints use a different request format:

https://.services.ai.azure.com/openai/v1/chat/completions

or generally:

/openai/v1/chat/completions

with the model/deployment name passed in the request body:

{
"model": "",
"messages": [...]
}

When configuring Azure AI Foundry v1 as Azure OpenAI in Open WebUI, the request URL is built incorrectly as:

https://.services.ai.azure.com/openai/deployments/{model}/chat/completions?api-version=...

This results in failed requests / 404 responses.

If I configure the same Azure AI Foundry endpoint as a regular OpenAI provider, the URL format works correctly:

https://.services.ai.azure.com/openai/v1

but the UI no longer allows Microsoft Entra ID / DefaultAzureCredential authentication. It only supports API key style authentication in that provider mode.

This creates a gap:

Azure OpenAI provider: Entra ID works, but URL format is incorrect for Azure AI Foundry v1.
OpenAI provider: URL format works, but Entra ID authentication is not available.

This is especially relevant for Azure AI Foundry deployments where some models, such as open-weight models deployed through Foundry, are exposed through the newer Foundry/OpenAI v1 endpoint rather than the classic Azure OpenAI deployment endpoint.

Desired Solution you'd like

Desired Solution

Please add support for Azure AI Foundry OpenAI v1 endpoints with Microsoft Entra ID authentication.

A possible implementation could be one of the following:

Option 1 : Add a new provider type

Add a separate provider type, for example:

Azure AI Foundry

or:

Azure OpenAI v1

This provider would:

use the OpenAI-compatible v1 URL format:
/openai/v1/chat/completions
/openai/v1/embeddings
pass the model/deployment name in the request body as model
not require the dated api-version query parameter
support Microsoft Entra ID authentication using DefaultAzureCredential
continue to support API key authentication as an option

Option 2: Extend the existing Azure OpenAI provider

Add an option to the existing Azure OpenAI provider such as:

API Style:

  • Azure OpenAI deployments API
  • Azure AI Foundry / OpenAI v1 API

When Azure AI Foundry / OpenAI v1 API is selected, Open WebUI should build requests like:

POST {base_url}/openai/v1/chat/completions

instead of:

POST {base_url}/openai/deployments/{model}/chat/completions?api-version=...

The authentication options should remain available, including:

API Key
Microsoft Entra ID / DefaultAzureCredential

This would allow users to use Azure AI Foundry OpenAI-compatible endpoints securely without falling back to API keys.

Alternatives Considered

I considered the following workarounds:

1. Use the OpenAI provider with an API key

This works technically when using:

https://<resource>.services.ai.azure.com/openai/v1

However, it requires using API keys and does not allow Microsoft Entra ID / Managed Identity authentication from Open WebUI.

2. Use the classic Azure OpenAI endpoint

This works for traditional Azure OpenAI deployments using:

https://.openai.azure.com

and the classic deployment API format.

However, this does not solve the case where the model is deployed through Azure AI Foundry and exposed through:

https://.services.ai.azure.com/openai/v1

Additional Context

No response

Originally created by @jonatanbielawski-stx on GitHub (May 15, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/24761 ### Check Existing Issues - [x] I have searched for all existing **open AND closed** issues and discussions for similar requests. I have found none that is comparable to my request. ### Verify Feature Scope - [x] I have read through and understood the scope definition for feature requests in the Issues section. I believe my feature request meets the definition and belongs in the Issues section instead of the Discussions. ### Problem Description Open WebUI currently supports Microsoft Entra ID authentication when using the `Azure OpenAI` provider. However, this provider builds requests using the classic Azure OpenAI deployment URL format: ```text /openai/deployments/{model}/chat/completions?api-version={api_version} ``` This works for classic Azure OpenAI resources such as: https://<resource>.openai.azure.com However, Azure AI Foundry OpenAI-compatible v1 endpoints use a different request format: https://<resource>.services.ai.azure.com/openai/v1/chat/completions or generally: /openai/v1/chat/completions with the model/deployment name passed in the request body: { "model": "<deployment-name>", "messages": [...] } When configuring Azure AI Foundry v1 as Azure OpenAI in Open WebUI, the request URL is built incorrectly as: https://<resource>.services.ai.azure.com/openai/deployments/{model}/chat/completions?api-version=... This results in failed requests / 404 responses. If I configure the same Azure AI Foundry endpoint as a regular OpenAI provider, the URL format works correctly: https://<resource>.services.ai.azure.com/openai/v1 but the UI no longer allows Microsoft Entra ID / DefaultAzureCredential authentication. It only supports API key style authentication in that provider mode. This creates a gap: Azure OpenAI provider: Entra ID works, but URL format is incorrect for Azure AI Foundry v1. OpenAI provider: URL format works, but Entra ID authentication is not available. This is especially relevant for Azure AI Foundry deployments where some models, such as open-weight models deployed through Foundry, are exposed through the newer Foundry/OpenAI v1 endpoint rather than the classic Azure OpenAI deployment endpoint. ### Desired Solution you'd like ## Desired Solution Please add support for Azure AI Foundry OpenAI v1 endpoints with Microsoft Entra ID authentication. A possible implementation could be one of the following: ### Option 1 : Add a new provider type Add a separate provider type, for example: ```text Azure AI Foundry ``` or: Azure OpenAI v1 This provider would: use the OpenAI-compatible v1 URL format: /openai/v1/chat/completions /openai/v1/embeddings pass the model/deployment name in the request body as model not require the dated api-version query parameter support Microsoft Entra ID authentication using DefaultAzureCredential continue to support API key authentication as an option ### Option 2: Extend the existing Azure OpenAI provider Add an option to the existing Azure OpenAI provider such as: API Style: - Azure OpenAI deployments API - Azure AI Foundry / OpenAI v1 API When Azure AI Foundry / OpenAI v1 API is selected, Open WebUI should build requests like: POST {base_url}/openai/v1/chat/completions instead of: POST {base_url}/openai/deployments/{model}/chat/completions?api-version=... The authentication options should remain available, including: API Key Microsoft Entra ID / DefaultAzureCredential This would allow users to use Azure AI Foundry OpenAI-compatible endpoints securely without falling back to API keys. ### Alternatives Considered I considered the following workarounds: ### 1. Use the OpenAI provider with an API key This works technically when using: ```text https://<resource>.services.ai.azure.com/openai/v1 ``` However, it requires using API keys and does not allow Microsoft Entra ID / Managed Identity authentication from Open WebUI. ### 2. Use the classic Azure OpenAI endpoint This works for traditional Azure OpenAI deployments using: https://<resource>.openai.azure.com and the classic deployment API format. However, this does not solve the case where the model is deployed through Azure AI Foundry and exposed through: https://<resource>.services.ai.azure.com/openai/v1 ### Additional Context _No response_
GiteaMirror commented 2026-05-18 06:11:39 -05:00
Author
Owner
Copy Link

@owui-terminator[bot] commented on GitHub (May 15, 2026):

⚠️ Missing Issue Title Prefix

@jonatanbielawski-stx, your issue title is missing a categorising prefix (e.g. bug:, feat:, docs:).

Please update the title to lead with one of:

  • bug: bug report or error
  • feat: feature request or enhancement
  • docs: documentation issue
  • question: usage question
  • help: support request

Example: bug: Login fails when the password contains special characters

<!-- gh-comment-id:4461110541 --> @owui-terminator[bot] commented on GitHub (May 15, 2026): # ⚠️ Missing Issue Title Prefix @jonatanbielawski-stx, your issue title is missing a categorising prefix (e.g. `bug:`, `feat:`, `docs:`). Please update the title to lead with one of: - **bug**: bug report or error - **feat**: feature request or enhancement - **docs**: documentation issue - **question**: usage question - **help**: support request Example: `bug: Login fails when the password contains special characters`
GiteaMirror commented 2026-05-18 06:11:40 -05:00
Author
Owner
Copy Link

@owui-terminator[bot] commented on GitHub (May 15, 2026):

🔍 Related Issues Found

I found some existing issues that might be related. Please check if any of these are duplicates or contain helpful solutions:

  1. 🟣 #16629 feat: Allow authenticating to AzureOpenAI using DefaultAzureCredential()
    This directly requests Microsoft Entra ID / DefaultAzureCredential support for AzureOpenAI, which is one half of the gap in the new issue. The new issue needs the same auth mechanism but for Azure AI Foundry/OpenAI v1 endpoints.
    by selenecodes

  2. 🟣 #16819 issue: Azure AI Foundry Non-functional after 0.6.23
    This reports Azure AI Foundry connectivity breaking against Open WebUI, making it closely related to Foundry-specific endpoint handling. While it appears to be a regression rather than the same auth/url mismatch, it concerns the same provider and endpoint family.
    by decent-engineer-decent-datascientist · bug

  3. 🟣 #18075 issue: Azure OpenAI URL not working
    This is about Azure OpenAI URL construction and 404s when the endpoint format is wrong. The new issue is also fundamentally about Open WebUI building the wrong Azure URL format, but for the newer Foundry v1 style.
    by attilaolah · bug

  4. 🟣 #17121 feat: accept custom url for Azure Open AI
    This asks for custom Azure OpenAI base URL support, which overlaps with the need to use non-classic Azure endpoints. It is related because the new issue is also about accommodating Azure-hosted endpoints that do not fit the classic deployment URL pattern.
    by fugabri97

💡 If your issue is a duplicate, please close it and add any additional details to the existing issue instead.

This comment was generated automatically. React with 👍 if helpful, 👎 if not.

<!-- gh-comment-id:4461112172 --> @owui-terminator[bot] commented on GitHub (May 15, 2026): <!-- terminator-bot:related-issues-reply --> 🔍 **Related Issues Found** I found some existing issues that might be related. Please check if any of these are duplicates or contain helpful solutions: 1. 🟣 [#16629](https://github.com/open-webui/open-webui/issues/16629) **feat: Allow authenticating to AzureOpenAI using DefaultAzureCredential()** *This directly requests Microsoft Entra ID / DefaultAzureCredential support for AzureOpenAI, which is one half of the gap in the new issue. The new issue needs the same auth mechanism but for Azure AI Foundry/OpenAI v1 endpoints.* *by selenecodes* 2. 🟣 [#16819](https://github.com/open-webui/open-webui/issues/16819) **issue: Azure AI Foundry Non-functional after 0.6.23** *This reports Azure AI Foundry connectivity breaking against Open WebUI, making it closely related to Foundry-specific endpoint handling. While it appears to be a regression rather than the same auth/url mismatch, it concerns the same provider and endpoint family.* *by decent-engineer-decent-datascientist · `bug`* 3. 🟣 [#18075](https://github.com/open-webui/open-webui/issues/18075) **issue: Azure OpenAI URL not working** *This is about Azure OpenAI URL construction and 404s when the endpoint format is wrong. The new issue is also fundamentally about Open WebUI building the wrong Azure URL format, but for the newer Foundry v1 style.* *by attilaolah · `bug`* 4. 🟣 [#17121](https://github.com/open-webui/open-webui/issues/17121) **feat: accept custom url for Azure Open AI** *This asks for custom Azure OpenAI base URL support, which overlaps with the need to use non-classic Azure endpoints. It is related because the new issue is also about accommodating Azure-hosted endpoints that do not fit the classic deployment URL pattern.* *by fugabri97* --- 💡 If your issue is a duplicate, please close it and add any additional details to the existing issue instead. *This comment was generated automatically.* React with 👍 if helpful, 👎 if not.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#107392
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?