diff --git a/examples/azure_ad.py b/examples/azure_ad.py index 67e2f23713..e1824fb78d 100755 --- a/examples/azure_ad.py +++ b/examples/azure_ad.py @@ -1,28 +1,24 @@ import asyncio -from openai.lib.azure import AzureOpenAI, AsyncAzureOpenAI, AzureADTokenProvider, AsyncAzureADTokenProvider - -scopes = "https://cognitiveservices.azure.com/.default" - -# May change in the future -# https://learn.microsoft.com/en-us/azure/ai-services/openai/reference#rest-api-versioning -api_version = "2023-07-01-preview" +from openai.lib.azure import OpenAI, AsyncOpenAI, AzureAuth, AsyncAzureAuth, AzureADTokenProvider, AsyncAzureADTokenProvider # https://learn.microsoft.com/en-us/azure/cognitive-services/openai/how-to/create-resource?pivots=web-portal#create-a-resource endpoint = "https://my-resource.openai.azure.com" -deployment_name = "deployment-name" # e.g. gpt-35-instant +deployment_name = "deployment-name" # e.g. gpt-35-instant def sync_main() -> None: from azure.identity import DefaultAzureCredential, get_bearer_token_provider - token_provider: AzureADTokenProvider = get_bearer_token_provider(DefaultAzureCredential(), scopes) + token_provider: AzureADTokenProvider = get_bearer_token_provider(DefaultAzureCredential(), AzureAuth.DEFAULT_SCOPE) - client = AzureOpenAI( - api_version=api_version, - azure_endpoint=endpoint, - azure_ad_token_provider=token_provider, + client = OpenAI( + base_url=endpoint, + auth_provider=AzureAuth(token_provider), + default_query={ # Temporary requirement to specify api version - will be removed once v1 routes go GA + 'api-version': 'preview' + } ) completion = client.chat.completions.create( @@ -41,12 +37,14 @@ def sync_main() -> None: async def async_main() -> None: from azure.identity.aio import DefaultAzureCredential, get_bearer_token_provider - token_provider: AsyncAzureADTokenProvider = get_bearer_token_provider(DefaultAzureCredential(), scopes) + token_provider: AsyncAzureADTokenProvider = get_bearer_token_provider(DefaultAzureCredential(), AsyncAzureAuth.DEFAULT_SCOPE) - client = AsyncAzureOpenAI( - api_version=api_version, - azure_endpoint=endpoint, - azure_ad_token_provider=token_provider, + client = AsyncOpenAI( + base_url=endpoint, + auth_provider=AsyncAzureAuth(token_provider), + default_query={ # Temporary requirement to specify api version - will be removed once v1 routes go GA + 'api-version': 'preview' + } ) completion = await client.chat.completions.create( diff --git a/src/openai/__init__.py b/src/openai/__init__.py index 226fed9554..7b8e3a153d 100644 --- a/src/openai/__init__.py +++ b/src/openai/__init__.py @@ -9,7 +9,19 @@ from . import types from ._types import NOT_GIVEN, Omit, NoneType, NotGiven, Transport, ProxiesTypes from ._utils import file_from_path -from ._client import Client, OpenAI, Stream, Timeout, Transport, AsyncClient, AsyncOpenAI, AsyncStream, RequestOptions +from ._client import ( + Client, + OpenAI, + Stream, + Timeout, + Transport, + AsyncClient, + AsyncOpenAI, + AsyncStream, + AuthProvider, + AsyncAuthProvider, + RequestOptions, +) from ._models import BaseModel from ._version import __title__, __version__ from ._response import APIResponse as APIResponse, AsyncAPIResponse as AsyncAPIResponse @@ -72,6 +84,8 @@ "AsyncStream", "OpenAI", "AsyncOpenAI", + "AuthProvider", + "AsyncAuthProvider", "file_from_path", "BaseModel", "DEFAULT_TIMEOUT", @@ -87,7 +101,7 @@ from .lib import azure as _azure, pydantic_function_tool as pydantic_function_tool from .version import VERSION as VERSION -from .lib.azure import AzureOpenAI as AzureOpenAI, AsyncAzureOpenAI as AsyncAzureOpenAI +from .lib.azure import AzureOpenAI as AzureOpenAI, AsyncAzureOpenAI as AsyncAzureOpenAI, AzureAuth as AzureAuth, AsyncAzureAuth as AsyncAzureAuth from .lib._old_api import * from .lib.streaming import ( AssistantEventHandler as AssistantEventHandler, @@ -119,6 +133,8 @@ api_key: str | None = None +auth_provider: AuthProvider | None = None + organization: str | None = None project: str | None = None @@ -165,6 +181,17 @@ def api_key(self, value: str | None) -> None: # type: ignore api_key = value + @property # type: ignore + @override + def auth_provider(self) -> AuthProvider | None: + return auth_provider + + @auth_provider.setter # type: ignore + def auth_provider(self, value: AuthProvider | None) -> None: # type: ignore + global auth_provider + + auth_provider = value + @property # type: ignore @override def organization(self) -> str | None: @@ -348,6 +375,7 @@ def _load_client() -> OpenAI: # type: ignore[reportUnusedFunction] _client = _ModuleClient( api_key=api_key, + auth_provider=auth_provider, organization=organization, project=project, webhook_secret=webhook_secret, diff --git a/src/openai/_client.py b/src/openai/_client.py index ed9b46f4b0..7a3e83ba87 100644 --- a/src/openai/_client.py +++ b/src/openai/_client.py @@ -3,7 +3,7 @@ from __future__ import annotations import os -from typing import TYPE_CHECKING, Any, Union, Mapping +from typing import TYPE_CHECKING, Any, Union, Mapping, Protocol from typing_extensions import Self, override import httpx @@ -14,7 +14,9 @@ NOT_GIVEN, Omit, Timeout, + Headers, NotGiven, + NotGivenOr, Transport, ProxiesTypes, RequestOptions, @@ -25,6 +27,7 @@ get_async_library, ) from ._compat import cached_property +from ._models import FinalRequestOptions from ._version import __version__ from ._streaming import Stream as Stream, AsyncStream as AsyncStream from ._exceptions import OpenAIError, APIStatusError @@ -73,6 +76,24 @@ __all__ = ["Timeout", "Transport", "ProxiesTypes", "RequestOptions", "OpenAI", "AsyncOpenAI", "Client", "AsyncClient"] +class AuthProvider(Protocol): + + def do_auth(self, *, url: httpx.URL, headers: NotGivenOr[Headers] = NOT_GIVEN, params: NotGivenOr[dict[str, object]] = NOT_GIVEN, cookies: Any = NOT_GIVEN, response: httpx.Response | None = None) -> tuple[httpx.URL, NotGivenOr[Headers], NotGivenOr[dict[str, object]], Any]: + """Perform authentication for the request. + + This method should be overridden by subclasses to implement specific authentication logic. + """ + raise NotImplementedError("Subclasses must implement this method.") + +class AsyncAuthProvider(Protocol): + + async def do_auth(self, *, url: httpx.URL, headers: NotGivenOr[Headers] = NOT_GIVEN, params: NotGivenOr[dict[str, object]] = NOT_GIVEN, cookies: Any = NOT_GIVEN, response: httpx.Response | None = None) -> tuple[httpx.URL, NotGivenOr[Headers], NotGivenOr[dict[str, object]], Any]: + """Perform authentication for the request. + + This method should be overridden by subclasses to implement specific authentication logic. + """ + raise NotImplementedError("Subclasses must implement this method.") + class OpenAI(SyncAPIClient): # client options @@ -93,6 +114,7 @@ def __init__( self, *, api_key: str | None = None, + auth_provider: AuthProvider | None = None, organization: str | None = None, project: str | None = None, webhook_secret: str | None = None, @@ -124,13 +146,16 @@ def __init__( - `project` from `OPENAI_PROJECT_ID` - `webhook_secret` from `OPENAI_WEBHOOK_SECRET` """ + if api_key and auth_provider: + raise ValueError("The `api_key` and `auth_provider` arguments are mutually exclusive") if api_key is None: api_key = os.environ.get("OPENAI_API_KEY") - if api_key is None: + if api_key is None and auth_provider is None: raise OpenAIError( - "The api_key client option must be set either by passing api_key to the client or by setting the OPENAI_API_KEY environment variable" + "The api_key or auth_provider client option must be set either by passing api_key or auth_provider to the client or by setting the OPENAI_API_KEY environment variable" ) - self.api_key = api_key + self.auth_provider = auth_provider + self.api_key = api_key or "" if organization is None: organization = os.environ.get("OPENAI_ORG_ID") @@ -279,6 +304,21 @@ def with_streaming_response(self) -> OpenAIWithStreamedResponse: def qs(self) -> Querystring: return Querystring(array_format="brackets") + @override + def _prepare_options(self, options: FinalRequestOptions) -> FinalRequestOptions: + options = super()._prepare_options(options) + + if self.auth_provider: + url, headers, params, _ = self.auth_provider.do_auth( + url = options.url, + headers = options.headers, + params = options.params + ) + options.url = url + options.headers = headers + options.params = params + return options + @property @override def auth_headers(self) -> dict[str, str]: @@ -287,7 +327,7 @@ def auth_headers(self) -> dict[str, str]: # if the api key is an empty string, encoding the header will fail return {} return {"Authorization": f"Bearer {api_key}"} - + @property @override def default_headers(self) -> dict[str, str | Omit]: @@ -303,6 +343,7 @@ def copy( self, *, api_key: str | None = None, + auth_provider: AuthProvider | None = None, organization: str | None = None, project: str | None = None, webhook_secret: str | None = None, @@ -338,6 +379,10 @@ def copy( elif set_default_query is not None: params = set_default_query + auth_provider = auth_provider or self.auth_provider + if auth_provider is not None: + _extra_kwargs = {**_extra_kwargs, "auth_provider": auth_provider} + http_client = http_client or self._client return self.__class__( api_key=api_key or self.api_key, @@ -412,6 +457,7 @@ def __init__( self, *, api_key: str | None = None, + auth_provider: AsyncAuthProvider | None = None, organization: str | None = None, project: str | None = None, webhook_secret: str | None = None, @@ -443,13 +489,16 @@ def __init__( - `project` from `OPENAI_PROJECT_ID` - `webhook_secret` from `OPENAI_WEBHOOK_SECRET` """ + if api_key and auth_provider: + raise ValueError("The `api_key` and `auth_provider` arguments are mutually exclusive") if api_key is None: api_key = os.environ.get("OPENAI_API_KEY") - if api_key is None: + if api_key is None and auth_provider is None: raise OpenAIError( - "The api_key client option must be set either by passing api_key to the client or by setting the OPENAI_API_KEY environment variable" + "The api_key or auth_provider client option must be set either by passing api_key or auth_provider to the client or by setting the OPENAI_API_KEY environment variable" ) - self.api_key = api_key + self.auth_provider = auth_provider + self.api_key = api_key or "" if organization is None: organization = os.environ.get("OPENAI_ORG_ID") @@ -598,6 +647,20 @@ def with_streaming_response(self) -> AsyncOpenAIWithStreamedResponse: def qs(self) -> Querystring: return Querystring(array_format="brackets") + @override + async def _prepare_options(self, options: FinalRequestOptions) -> FinalRequestOptions: + options = await super()._prepare_options(options) + if self.auth_provider: + url, headers, params, _ = await self.auth_provider.do_auth( + url = options.url, + headers = options.headers, + params = options.params + ) + options.url = url + options.headers = headers + options.params = params + return options + @property @override def auth_headers(self) -> dict[str, str]: @@ -622,6 +685,7 @@ def copy( self, *, api_key: str | None = None, + auth_provider: AsyncAuthProvider | None = None, organization: str | None = None, project: str | None = None, webhook_secret: str | None = None, @@ -657,6 +721,10 @@ def copy( elif set_default_query is not None: params = set_default_query + auth_provider = auth_provider or self.auth_provider + if auth_provider is not None: + _extra_kwargs = {**_extra_kwargs, "auth_provider": auth_provider} + http_client = http_client or self._client return self.__class__( api_key=api_key or self.api_key, diff --git a/src/openai/lib/azure.py b/src/openai/lib/azure.py index a994e4256c..20f2b8a1cf 100644 --- a/src/openai/lib/azure.py +++ b/src/openai/lib/azure.py @@ -2,12 +2,13 @@ import os import inspect -from typing import Any, Union, Mapping, TypeVar, Callable, Awaitable, cast, overload +from typing import Any, Union, Mapping, TypeVar, Callable, Awaitable, cast, overload, Protocol from typing_extensions import Self, override import httpx -from .._types import NOT_GIVEN, Omit, Query, Timeout, NotGiven +from openai import AuthProvider, AsyncAuthProvider +from .._types import NOT_GIVEN, Omit, Query, Timeout, NotGiven, NotGivenOr, Headers from .._utils import is_given, is_mapping from .._client import OpenAI, AsyncOpenAI from .._compat import model_copy @@ -35,6 +36,44 @@ _HttpxClientT = TypeVar("_HttpxClientT", bound=Union[httpx.Client, httpx.AsyncClient]) _DefaultStreamT = TypeVar("_DefaultStreamT", bound=Union[Stream[Any], AsyncStream[Any]]) +class TokenCredentialLike(Protocol): + + def get_token(self) -> str | Awaitable[str]: + ... + +class AzureAuth(AuthProvider): + + DEFAULT_SCOPE = "https://cognitiveservices.azure.com/.default" + + def __init__(self, azure_ad_token_provider: AzureADTokenProvider): + self.azure_ad_token_provider = azure_ad_token_provider + + @override + def do_auth(self, *, url: httpx.URL, headers: NotGivenOr[Headers] = NOT_GIVEN, params: NotGivenOr[dict[str, object]] = NOT_GIVEN, cookies: Any = NOT_GIVEN, response: httpx.Response | None = None) -> tuple[httpx.URL, NotGivenOr[Headers], NotGivenOr[dict[str, object]], Any]: + headers = { **headers } if is_given(headers) else {} + headers.setdefault('Authorization', f'Bearer {self.get_token()}') + return url, headers, params, cookies + + def get_token(self) -> str: + return self.azure_ad_token_provider() + +class AsyncAzureAuth(AsyncAuthProvider): + + DEFAULT_SCOPE = "https://cognitiveservices.azure.com/.default" + + def __init__(self, azure_ad_token_provider: AsyncAzureADTokenProvider): + self.azure_ad_token_provider = azure_ad_token_provider + + @override + async def do_auth(self, *, url: httpx.URL, headers: NotGivenOr[Headers] = NOT_GIVEN, params: NotGivenOr[dict[str, object]] = NOT_GIVEN, cookies: Any = NOT_GIVEN, response: httpx.Response | None = None) -> tuple[httpx.URL, NotGivenOr[Headers], NotGivenOr[dict[str, object]], Any]: + headers = { **headers } if is_given(headers) else {} + headers.setdefault('Authorization', f'Bearer {await self.get_token()}') + return url, headers, params, cookies + + async def get_token(self) -> str: + if isinstance(self.azure_ad_token_provider, str): + return self.azure_ad_token_provider + return await self.azure_ad_token_provider() # we need to use a sentinel API key value for Azure AD # as we don't want to make the `api_key` in the main client Optional @@ -255,7 +294,7 @@ def __init__( self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None @override - def copy( + def copy( # type: ignore self, *, api_key: str | None = None, @@ -301,7 +340,7 @@ def copy( }, ) - with_options = copy + with_options = copy # type: ignore def _get_azure_ad_token(self) -> str | None: if self._azure_ad_token is not None: @@ -536,7 +575,7 @@ def __init__( self._azure_endpoint = httpx.URL(azure_endpoint) if azure_endpoint else None @override - def copy( + def copy( # type: ignore self, *, api_key: str | None = None, @@ -582,7 +621,7 @@ def copy( }, ) - with_options = copy + with_options = copy # type: ignore async def _get_azure_ad_token(self) -> str | None: if self._azure_ad_token is not None: diff --git a/src/openai/resources/beta/realtime/realtime.py b/src/openai/resources/beta/realtime/realtime.py index 8e1b558cf3..af55755efd 100644 --- a/src/openai/resources/beta/realtime/realtime.py +++ b/src/openai/resources/beta/realtime/realtime.py @@ -22,6 +22,7 @@ from ...._types import NOT_GIVEN, Query, Headers, NotGiven from ...._utils import ( is_azure_client, + is_given, maybe_transform, strip_not_given, async_maybe_transform, @@ -358,17 +359,32 @@ async def __aenter__(self) -> AsyncRealtimeConnection: raise OpenAIError("You need to install `openai[realtime]` to use this method") from exc extra_query = self.__extra_query - auth_headers = self.__client.auth_headers - if is_async_azure_client(self.__client): - url, auth_headers = await self.__client._configure_realtime(self.__model, extra_query) - else: - url = self._prepare_url().copy_with( - params={ + + url = self._prepare_url() + if self.__client.auth_provider: + url, headers, params, _ = await self.__client.auth_provider.do_auth( + url = url, + headers = self.__client.auth_headers, + params = { **self.__client.base_url.params, - "model": self.__model, **extra_query, }, ) + else: + headers, params, = ( + self.__client.auth_headers, + { + **self.__client.base_url.params, + **extra_query, + } + ) + url = url.copy_with( + params={ + "model": self.__model, + **(params if is_given(params) else {}), + }, + ) + log.debug("Connecting to %s", url) if self.__websocket_connection_options: log.debug("Connection options: %s", self.__websocket_connection_options) @@ -379,7 +395,7 @@ async def __aenter__(self) -> AsyncRealtimeConnection: user_agent_header=self.__client.user_agent, additional_headers=_merge_mappings( { - **auth_headers, + **headers, "OpenAI-Beta": "realtime=v1", }, self.__extra_headers, @@ -540,7 +556,7 @@ def __enter__(self) -> RealtimeConnection: raise OpenAIError("You need to install `openai[realtime]` to use this method") from exc extra_query = self.__extra_query - auth_headers = self.__client.auth_headers + url = self._prepare_url() if is_azure_client(self.__client): url, auth_headers = self.__client._configure_realtime(self.__model, extra_query) else: diff --git a/tests/test_client.py b/tests/test_client.py index ccda50a7f0..a7e5fecfc8 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -11,20 +11,22 @@ import inspect import subprocess import tracemalloc -from typing import Any, Union, cast +from typing import Any, Union, Protocol, cast, Mapping from textwrap import dedent from unittest import mock -from typing_extensions import Literal +from typing_extensions import Literal, override import httpx import pytest from respx import MockRouter from pydantic import ValidationError -from openai import OpenAI, AsyncOpenAI, APIResponseValidationError -from openai._types import Omit +from openai import OpenAI, AsyncOpenAI, APIResponseValidationError, AuthProvider, AsyncAuthProvider, NOT_GIVEN +from openai._types import Omit, NotGivenOr, Headers from openai._models import BaseModel, FinalRequestOptions +from openai._compat import model_copy from openai._streaming import Stream, AsyncStream +from openai._utils import is_given from openai._exceptions import OpenAIError, APIStatusError, APITimeoutError, APIResponseValidationError from openai._base_client import ( DEFAULT_TIMEOUT, @@ -41,6 +43,35 @@ api_key = "My API Key" +class MockRequestCall(Protocol): + request: httpx.Request + +def mock_auth_provider(token: str = 'dummy', *, additional: dict[str, str] = {}) -> AuthProvider: + """ + Mock auth provider that returns a FinalRequestOptions with the Authorization header set. + """ + class MockAuthProvider(AuthProvider): + + @override + def do_auth(self, *, url: str, headers: Mapping[str, str], params: dict[str, str], cookies: Any = NOT_GIVEN) -> tuple[str, Mapping[str, str], dict[str, str], Any]: + headers = { **(headers if is_given(headers) else {}), **additional } + headers.setdefault('Authorization', f'Bearer {token}') + return url, headers, params, cookies + + return MockAuthProvider() + +def async_mock_auth_provider(token: str = 'dummy', *, additional: dict[str, str] = {}): + + class MockAuthProvider(AsyncAuthProvider): + + @override + async def do_auth(self, *, url: str, headers: NotGivenOr[Headers] = NOT_GIVEN, params: dict[str, str], cookies: Any = NOT_GIVEN) -> tuple[str, NotGivenOr[Headers], NotGivenOr[dict[str, str]], Any]: + headers = { **(headers if is_given(headers) else {}), **additional } + headers.setdefault('Authorization', f'Bearer {token}') + return url, headers, params, cookies + + return MockAuthProvider() + def _get_params(client: BaseClient[Any, Any]) -> dict[str, str]: request = client._build_request(FinalRequestOptions(method="get", url="/foo")) url = httpx.URL(request.url) @@ -337,7 +368,9 @@ def test_default_headers_option(self) -> None: def test_validate_headers(self) -> None: client = OpenAI(base_url=base_url, api_key=api_key, _strict_response_validation=True) - request = client._build_request(FinalRequestOptions(method="get", url="/foo")) + options = client._prepare_options(FinalRequestOptions(method="get", url="/foo")) + request = client._build_request(options) + assert request.headers.get("Authorization") == f"Bearer {api_key}" with pytest.raises(OpenAIError): @@ -939,6 +972,53 @@ def test_follow_redirects_disabled(self, respx_mock: MockRouter) -> None: assert exc_info.value.response.status_code == 302 assert exc_info.value.response.headers["Location"] == f"{base_url}/redirected" + @pytest.mark.respx() + def test_auth_provider_refresh(self, respx_mock: MockRouter) -> None: + respx_mock.post(base_url + "/chat/completions").mock( + side_effect=[ + httpx.Response(500, json={"error": "server error"}), + httpx.Response(200, json={"foo": "bar"}), + ] + ) + + class CountingAuthProvider(AuthProvider): + + def __init__(self): + self.counter = 0 + + @override + def do_auth(self, *, url: str, headers: NotGivenOr[Headers] = NOT_GIVEN, params: NotGivenOr[dict[str, object]] = NOT_GIVEN, cookies: Any = NOT_GIVEN) -> tuple[str, NotGivenOr[Headers], NotGivenOr[dict[str, object]], Any]: + self.counter += 1 + headers = {**headers} if is_given(headers) else {} + headers.setdefault('Authorization', f'Bearer {self.counter}') + return url, headers, params, cookies + + client = OpenAI(base_url=base_url, auth_provider=CountingAuthProvider()) + client.chat.completions.create(messages=[], model="gpt-4") + + calls = cast("list[MockRequestCall]", respx_mock.calls) + assert len(calls) == 2 + + assert calls[0].request.headers.get("Authorization") == "Bearer 1" + assert calls[1].request.headers.get("Authorization") == "Bearer 2" + + def test_auth_mutually_exclusive(self) -> None: + with pytest.raises(ValueError) as exc_info: + OpenAI(base_url=base_url, api_key=api_key, auth_provider=mock_auth_provider()) + assert str(exc_info.value) == "The `api_key` and `auth_provider` arguments are mutually exclusive" + + def test_copy_auth(self) -> None: + client = OpenAI(base_url=base_url, auth_provider=mock_auth_provider("Bearer test_bearer_token_1")).copy( + auth_provider=mock_auth_provider("test_bearer_token_2") + ) + options = client._prepare_options(FinalRequestOptions(method="get", url="/foo")) + assert options.headers == {"Authorization": "Bearer test_bearer_token_2"} + + def test_copy_auth_mutually_exclusive(self) -> None: + with pytest.raises(ValueError) as exc_info: + OpenAI(base_url=base_url, api_key=api_key).copy(auth_provider=mock_auth_provider()) + assert str(exc_info.value) == "The `api_key` and `auth_provider` arguments are mutually exclusive" + class TestAsyncOpenAI: client = AsyncOpenAI(base_url=base_url, api_key=api_key, _strict_response_validation=True) @@ -1220,9 +1300,10 @@ def test_default_headers_option(self) -> None: assert request.headers.get("x-foo") == "stainless" assert request.headers.get("x-stainless-lang") == "my-overriding-header" - def test_validate_headers(self) -> None: + async def test_validate_headers(self) -> None: client = AsyncOpenAI(base_url=base_url, api_key=api_key, _strict_response_validation=True) - request = client._build_request(FinalRequestOptions(method="get", url="/foo")) + options = await client._prepare_options(FinalRequestOptions(method="get", url="/foo")) + request = client._build_request(options) assert request.headers.get("Authorization") == f"Bearer {api_key}" with pytest.raises(OpenAIError): @@ -1887,3 +1968,67 @@ async def test_follow_redirects_disabled(self, respx_mock: MockRouter) -> None: assert exc_info.value.response.status_code == 302 assert exc_info.value.response.headers["Location"] == f"{base_url}/redirected" + + @pytest.mark.asyncio + async def test_refresh_auth_headers_dict_async(self) -> None: + client = AsyncOpenAI(base_url=base_url, auth_provider=async_mock_auth_provider('test_bearer_token', additional = { 'Second': 'Value'})) + options = await client._prepare_options(FinalRequestOptions(method='GET', url='/foo')) + assert options.headers == { "Authorization": "Bearer test_bearer_token", "Second": "Value"} + + + @pytest.mark.asyncio + @pytest.mark.respx() + async def test_bearer_token_refresh_async(self, respx_mock: MockRouter) -> None: + respx_mock.post(base_url + "/chat/completions").mock( + side_effect=[ + httpx.Response(500, json={"error": "server error"}), + httpx.Response(200, json={"foo": "bar"}), + ] + ) + + class CountingAuthProvider(AsyncAuthProvider): + + def __init__(self): + self.counter = 0 + + @override + async def do_auth(self, *, url: str, headers: NotGivenOr[Headers] = NOT_GIVEN, params: NotGivenOr[dict[str, object]] = NOT_GIVEN, cookies: Any = NOT_GIVEN) -> tuple[str, NotGivenOr[Headers], NotGivenOr[dict[str, object]], Any]: + self.counter += 1 + headers = {**headers} if is_given(headers) else {} + headers.setdefault('Authorization', f'Bearer {self.counter}') + return url, headers, params, cookies + + + client = AsyncOpenAI(base_url=base_url, auth_provider=CountingAuthProvider()) + await client.chat.completions.create(messages=[], model="gpt-4") + + calls = cast("list[MockRequestCall]", respx_mock.calls) + assert len(calls) == 2 + + assert calls[0].request.headers.get("Authorization") == "Bearer 1" + assert calls[1].request.headers.get("Authorization") == "Bearer 2" + + def test_auth_mutually_exclusive_async(self) -> None: + async def auth_provider(options: FinalRequestOptions) -> FinalRequestOptions: + return options + + with pytest.raises(ValueError) as exc_info: + AsyncOpenAI(base_url=base_url, api_key=api_key, auth_provider=auth_provider) + assert str(exc_info.value) == "The `api_key` and `auth_provider` arguments are mutually exclusive" + + @pytest.mark.asyncio + async def test_copy_auth(self) -> None: + auth_provider_1 = async_mock_auth_provider('First') + auth_provider_2 = async_mock_auth_provider('Second') + + client = AsyncOpenAI(base_url=base_url, auth_provider=auth_provider_1).copy(auth_provider=auth_provider_2) + options = await client._prepare_options(FinalRequestOptions(method='GET', url='/foo')) + assert options.headers.get("Authorization") == "Bearer Second" + + def test_copy_auth_mutually_exclusive_async(self) -> None: + async def auth_provider() -> str: + return "test_bearer_token" + + with pytest.raises(ValueError) as exc_info: + AsyncOpenAI(base_url=base_url, api_key=api_key).copy(auth_provider=auth_provider) + assert str(exc_info.value) == "The `api_key` and `auth_provider` arguments are mutually exclusive" diff --git a/tests/test_module_client.py b/tests/test_module_client.py index 9c9a1addab..862fe713db 100644 --- a/tests/test_module_client.py +++ b/tests/test_module_client.py @@ -15,6 +15,7 @@ def reset_state() -> None: openai._reset_client() openai.api_key = None or "My API Key" + openai.auth_provider = None openai.organization = None openai.project = None openai.webhook_secret = None @@ -97,6 +98,28 @@ def test_http_client_option() -> None: assert openai.completions._client._client is new_client +def test_auth_provider_str_option() -> None: + assert openai.auth_provider is None + assert openai.completions._client.auth_provider is None + + openai.auth_provider = lambda: "foo" + + assert openai.auth_provider() == "foo" + assert openai.completions._client.auth_provider + assert openai.completions._client.auth_provider() == "foo" + + +def test_auth_provider_dict_option() -> None: + assert openai.auth_provider is None + assert openai.completions._client.auth_provider is None + + openai.auth_provider = lambda: {"foo": "bar"} + + assert openai.auth_provider() == {"foo": "bar"} + assert openai.completions._client.auth_provider + assert openai.completions._client.auth_provider() == {"foo": "bar"} + + import contextlib from typing import Iterator @@ -123,6 +146,27 @@ def test_only_api_key_results_in_openai_api() -> None: assert type(openai.completions._client).__name__ == "_ModuleClient" +def test_only_auth_provider_in_openai_api() -> None: + with fresh_env(): + openai.api_type = None + openai.api_key = None + openai.auth_provider = lambda: "example bearer token" + + assert type(openai.completions._client).__name__ == "_ModuleClient" + + +def test_both_api_key_and_auth_provider_in_openai_api() -> None: + with fresh_env(): + openai.api_key = "example API key" + openai.auth_provider = lambda: "example bearer token" + + with pytest.raises( + ValueError, + match=r"The `api_key` and `auth_provider` arguments are mutually exclusive", + ): + openai.completions._client # noqa: B018 + + def test_azure_api_key_env_without_api_version() -> None: with fresh_env(): openai.api_type = None