Keyless authentication methods
In keyless authentication to Azure OpenAI for JavaScript, you use Azure's managed identities or service principals to authenticate instead of hardcoding API keys or other credentials. This is done through the DefaultAzureCredential or ManagedIdentityCredential class, which provides a secure and streamlined way to obtain tokens needed for authenticating Azure services. Here's how it works in practice:
- Set Up Azure Environment: Ensure your Azure environment is configured correctly with managed identities.
- Initialize Credentials: Use the
DefaultAzureCredentialclass orManagedIdentityCredentialclass from the Azure Identity SDK for JavaScript to handle the authentication process seamlessly.
Here's an example code snippet:
import { AzureOpenAI } from 'openai';
import { getBearerTokenProvider, DefaultAzureCredential } from '@azure/identity';
// Make sure to set AZURE_OPENAI_ENDPOINT with the endpoint of your Azure resource.
const credential = new DefaultAzureCredential();
const scope = 'https://cognitiveservices.azure.com/.default';
const azureADTokenProvider = getBearerTokenProvider(credential, scope);
// Create client instance
// 3) Create an Azure OpenAI client
const openai = new AzureOpenAI({ azureADTokenProvider });
// 4) Make API call and print response
const result = await openai.chat.completions.create({
model: 'gpt-4-1106-preview',
messages: [{ role: 'user', content: 'Say hello!' }],
});
console.log(result.choices[0]!.message?.content);
- Create Client Instance: Instantiate your
AzureOpenAIwith the endpoint and the credentials obtained from theDefaultAzureCredential. - Make API Calls: Use the client to interact with Azure OpenAI services securely, without explicitly handling sensitive credentials.