题意:使用托管身份访问 Azure OpenAI 服务
问题背景:
I'm working with Azure OpenAI service, and want to test its Managed Identity support. According to the docs it supports Managed Identity authentication, for example - using a VM.
我正在使用 Azure OpenAI 服务,并希望测试其托管身份(Managed Identity)支持。根据文档,它支持托管身份认证,例如使用虚拟机(VM)。
So I did the following: 因此,我进行了以下操作:
- Created a VM in Azure 在 Azure 中创建了一个虚拟机(VM)
- Assigned it a managed identity 为其分配了一个托管身份(Managed Identity)
- Assigned this identity a "Cognitive Services User" role (as per the docs) on the OpenAI resource 在 OpenAI 资源上为这个身份分配了“Cognitive Services User”角色(根据文档)。
- Downloaded Postman to the VM 在虚拟机上下载了 Postman
- Tried to access OpenAI API without the API Key (that's the whole point, isn't it?)
尝试在没有 API 密钥的情况下访问 OpenAI API(这不正是重点吗?)
But I keep getting a 401 error. 但我一直收到 401 错误。
What am I missing? With other services, VM with authenticated Managed Identity can access the service (ie. Storage Account, KeyVault). Why isn't it working here?
我遗漏了什么?对于其他服务,带有已认证托管身份的虚拟机可以访问该服务(例如,存储帐户、KeyVault)。为什么在这里不起作用呢?
问题解决:
In order to access Azure Open AI service, you still need an authentication header.
为了访问 Azure OpenAI 服务,你仍然需要一个认证头。
The difference that has a managed identity configured is instead of using api key, you can also use an access token to access the service.
配置了托管身份的区别在于,你可以使用访问令牌而不是 API 密钥来访问服务。
You can take GitHub - openai/openai-python: The official Python library for the OpenAI API as a reference about how to get the access token with managed identity.
你可以参考 GitHub 上的 openai/openai-python: The official Python library for the OpenAI API 了解如何使用托管身份获取访问令牌。
(I am a Microsoft employee working in the Azure SDK team.)
我是一名在 Azure SDK 团队工作的 Microsoft 员工。
