
[BUG] Azure.AI.OpenAI Authorization fails #46590

@vRune4


Library name and version

Azure.AI.OpenAI 2.0.0

Describe the bug

I have an existing project that works fine with an API key, but I want to use RBAC instead.

I've assigned myself the 'Cognitive Services OpenAI Contributor' role and I'm executing code that looks something like this:

var azureOpenAIClient = new AzureOpenAIClient(aiServiceEndpoint, new DefaultAzureCredential());
var embeddingClient = azureOpenAIClient.GetEmbeddingClient(embeddingModelName);
var embeddingResponse = await embeddingClient.GenerateEmbeddingsAsync(new List<string> { chunk });

This project also connects to the Search Service, and that works fine with RBAC. That said, there are a dozen roles to choose from, and maybe I just haven't hit the right one yet. (feels like I've tried them all by now though)

Expected behavior

Should return a valid result.

Actual behavior

Throws exception.

Log:

[Informational] Azure-Identity: VisualStudioCredential.GetToken invoked. Scopes: [ https://cognitiveservices.azure.com/.default ] ParentRequestId: b17173fc-de25-42fa-964f-79914e44670c
[Informational] Azure-Identity: VisualStudioCredential.GetToken succeeded. Scopes: [ https://cognitiveservices.azure.com/.default ] ParentRequestId: b17173fc-de25-42fa-964f-79914e44670c ExpiresOn: 2024-10-14T13:30:59.5318802+00:00
[Informational] Azure-Identity: DefaultAzureCredential credential selected: Azure.Identity.VisualStudioCredential
[Informational] Azure-Identity: DefaultAzureCredential.GetToken succeeded. Scopes: [ https://cognitiveservices.azure.com/.default ] ParentRequestId: b17173fc-de25-42fa-964f-79914e44670c ExpiresOn: 2024-10-14T13:30:59.5318802+00:00
Unhandled exception. System.ClientModel.ClientResultException: Service request failed.
Status: 401 (Unauthorized)

   at Azure.AI.OpenAI.ClientPipelineExtensions.ProcessMessageAsync(ClientPipeline pipeline, PipelineMessage message, RequestOptions options)
   at Azure.AI.OpenAI.Embeddings.AzureEmbeddingClient.GenerateEmbeddingsAsync(BinaryContent content, RequestOptions options)
   at OpenAI.Embeddings.EmbeddingClient.GenerateEmbeddingsAsync(IEnumerable`1 inputs, EmbeddingGenerationOptions options, CancellationToken cancellationToken)
   at DownloadEmails.Services.SearchService.GenerateEmbeddingAsync(EmbeddingClient embeddingClient, String chunk) in C:\repos\visma\llm-mail-import\src\DownloadEmails\SearchService.cs:line 212
   at DownloadEmails.Services.SearchService.IndexTicketDocumentsAsync(TicketInfo ticket, SearchClient searchClient, EmbeddingClient embeddingClient) in C:\repos\visma\llm-mail-import\src\DownloadEmails\SearchService.cs:line 182
   at DownloadEmails.Services.SearchService.IndexNewDocumentsAsync(List`1 data, SearchClient searchClient, EmbeddingClient embeddingClient) in C:\repos\visma\llm-mail-import\src\DownloadEmails\SearchService.cs:line 127
   at DownloadEmails.Services.SearchService.CreateIndexAndPushDataAsync(List`1 data) in C:\repos\visma\llm-mail-import\src\DownloadEmails\SearchService.cs:line 57
   at DownloadEmails.Workers.WorkerClass.ExecuteAsync() in C:\repos\visma\llm-mail-import\src\DownloadEmails\WorkerClass.cs:line 31
   at Program.<Main>$(String[] args) in C:\repos\visma\llm-mail-import\src\DownloadEmails\Program.cs:line 51
   at Program.<Main>(String[] args)

Error response:

{{ "statusCode": 401, "message": "Unauthorized. Access token is missing, invalid, audience is incorrect (https://cognitiveservices.azure.com), or have expired." }}

Reproduction Steps

  1. Write code (see description)
  2. Assign yourself the 'Cognitive Services OpenAI Contributor' role
  3. Make sure your VS Azure credential is signed in
  4. Run

Environment

  • VS 2022
  • Host:
    Version: 8.0.10
    Architecture: x64
    Commit: 81cabf2857
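
An added diagnostic example, not part of the original report or of the Azure SDK: the 401 body names the token's audience and expiry, so this decodes a token's payload and compares `aud`, `tid` and `exp` against expected values. The `TokenCheck` class, the sample token and both tenant ids are constructed placeholders, and checking `tid` assumes the resource's tenant is known.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Constructed sample token (not from the issue): unsigned, with placeholder tenant ids.
string payload = JsonSerializer.Serialize(new
{
    aud = "https://cognitiveservices.azure.com",
    tid = "00000000-0000-0000-0000-000000000000",
    exp = DateTimeOffset.UtcNow.AddMinutes(-5).ToUnixTimeSeconds() // already expired
});
string header = TokenCheck.B64Url("{\"alg\":\"none\"}");
string sample = header + "." + TokenCheck.B64Url(payload) + ".sig";

foreach (string f in TokenCheck.Inspect(sample,
             "https://cognitiveservices.azure.com",
             "11111111-1111-1111-1111-111111111111")) // hypothetical tenant of the resource
    Console.WriteLine(f);

static class TokenCheck
{
    public static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Decodes the payload WITHOUT verifying the signature: for diagnosis only, never for authorization.
    public static List<string> Inspect(string jwt, string expectedAud, string expectedTid)
    {
        var findings = new List<string>();
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) { findings.Add("not a JWT (expected 3 dot-separated parts)"); return findings; }

        // Base64url to Base64, restoring the padding JWTs strip.
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        JsonElement c = doc.RootElement;

        string aud = c.TryGetProperty("aud", out var a) ? a.GetString() ?? "" : "";
        string tid = c.TryGetProperty("tid", out var t) ? t.GetString() ?? "" : "";
        long exp = c.TryGetProperty("exp", out var e) ? e.GetInt64() : 0;

        if (!string.Equals(aud.TrimEnd('/'), expectedAud.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
            findings.Add($"aud is '{aud}', expected '{expectedAud}'");
        if (!string.Equals(tid, expectedTid, StringComparison.OrdinalIgnoreCase))
            findings.Add($"tid is '{tid}', expected '{expectedTid}'");
        if (DateTimeOffset.FromUnixTimeSeconds(exp) <= DateTimeOffset.UtcNow)
            findings.Add($"token expired at {DateTimeOffset.FromUnixTimeSeconds(exp):u}");
        if (findings.Count == 0) findings.Add("aud, tid and exp match the expected values");
        return findings;
    }
}
```

To check a real token, pass `Inspect` the `Token` string of the `AccessToken` that the credential returns for the scope shown in the log, and treat that string as a secret.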

Labels: Client, OpenAI, Service Attention, customer-reported, needs-team-attention, question
