Add Azure AD authentication documentation for Azure OpenAI #2709
+323
−18
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit fixes two critical issues:
1. **Fix JWT encoding for GCP service account keys in WASM**
- Handle literal `\n` characters in JSON (common in GCP service account files)
- Add support for both PKCS#8 and PKCS#1 format PEM headers
- Validate key length before attempting import (must be >= 100 bytes)
- Improve error messages with actionable troubleshooting steps
- Add new `KeyTooShort` error variant with context
2. **Fix environment variable deletion not persisting**
- `deleteApiKeyAtom` now auto-saves changes to storage
- Deletion behavior now consistent with edit auto-save
- Fixes bug where clicking trash icon only updated local state
Technical details:
- WASM JWT: Added `.replace("\\n", "")` to handle escaped newlines in JSON strings
- WASM JWT: Enhanced error messages for WebCrypto import failures
- WASM Auth: Add early validation for credentials string length
- TypeScript: Modified `deleteApiKeyAtom` to persist deletions immediately
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
Adds comprehensive authentication documentation for Azure OpenAI provider, including: - DefaultAzureCredential chain (Environment, Managed Identity, Azure CLI, API Key fallback) - API Key authentication (both top-level and nested patterns) - Azure CLI authentication - Service Principal authentication - Managed Identity authentication Maintains backward compatibility with existing api_key field while introducing new nested auth object pattern with type field. When no authentication is specified, defaults to DefaultAzureCredential chain with AZURE_OPENAI_API_KEY as final fallback for easy migration. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
hellovai
had a problem deploying
to
boundary-tools-dev
GitHub Actions
Error
hellovai
had a problem deploying
to
boundary-tools-dev
GitHub Actions
Error
hellovai
temporarily deployed
to
boundary-tools-dev
GitHub Actions
Inactive
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
🌿 Preview your docs: https://boundary-preview-2f8f5fd7-0482-447d-b650-790d69a015bc.docs.buildwithfern.com |
hellovai
temporarily deployed
to
boundary-tools-dev
GitHub Actions
Inactive
hellovai
temporarily deployed
to
boundary-tools-dev
GitHub Actions
Inactive
hellovai
temporarily deployed
to
boundary-tools-dev
GitHub Actions
Inactive
|
🌿 Preview your docs: https://boundary-preview-29913037-17db-40e6-8bdc-d16093e161fb.docs.buildwithfern.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds comprehensive authentication documentation for the Azure OpenAI provider, including support for Azure AD (Entra ID) OAuth authentication via DefaultAzureCredential chain.
This PR adds user-facing documentation that:
api_keyfield while introducing new nestedauthobject patternThe authentication pattern follows the same design as our existing Vertex AI and AWS Bedrock implementations.
Implementation Details
Authentication Methods Supported:
az loginConfiguration Design:
authnorapi_keyis specified, defaults toauth { type "default" }api_keycontinue to work (backward compatible)authobject uses nested structure withtypefield (follows GCP/AWS pattern)Test plan
🤖 Generated with Claude Code
Note
Adds Azure OpenAI authentication docs (DefaultAzureCredential, API key, AAD methods), strengthens WASM JWT/Vertex auth validation and error messages, and auto-saves API key deletions in the playground.
options.auth { type ... }pattern and clarifyapi_keybehavior/overrides.vertex/wasm_auth.rs: validate credential strings (length check) and improve error contexts (claims serialization, JWT encoding); remove debug noise.wasm_jwt.rs: enhance PEM handling (strip RSA/PKCS#8 headers, normalize newlines), add key length validation, and expand actionable error messages (missing WebCrypto, base64 decode, key import).api-keys-dialog/atoms.ts: auto-save deletions touserApiKeysAtomand clear pending changes; maintain recently added keys state.Written by Cursor Bugbot for commit 5e58c77. This will update automatically on new commits. Configure here.