timoklimmer / powerproxy-aoai

Monitors and processes traffic to and from Azure OpenAI endpoints.

Routing issue when sending both api-key and authorization in header in v0.10.0

LeonKalt opened this issue · comments

When sending both the api-key and authorization headers, as is done by default in the openai Python lib, an entra_id_client must be set or PowerProxy generates an exception.

openai/lib/azure.py

Hi @LeonKalt, the problem you bring up is encountered when an Entra ID/Azure AD request is sent, but PowerProxy's configuration misses a client that is marked as the entra id client. Use uses_entra_id_auth: true instead of key: ... to mark the client used for Entra ID requests. This is expected behavior / by design because PowerProxy has no other option to identify a client in case of Entra ID auth other than using a fixed client. I have updated the code and released a new version which should give a better error response / explanation when this scenario is encountered.

Hey @timoklimmer,

first of all, thanks for your fast response and your work here!
The Powerproxy is very useful for us.

Unfortunately, that did not solve the error @LeonKalt described for us.
To provide some more context, we call the PP by using langchain.

We also do not make an AD request but provide the address of the PP as an endpoint, together with the API key.
I understand your point, but the openai lib always attaches Authorization to the header.
At least, that happens in our situation.
(See here: https://github.com/openai/openai-python/blob/main/src/openai/_client.py#L370)

Therefore, if we make a request, both "api-key" and "Authorization" are given.
We have bypassed the problem by changing the workflow in your PP a bit.

Changing the "if" to an "elif" works for us.
https://github.com/timoklimmer/powerproxy-aoai/blob/main/app/powerproxy.py#L218

-         if "authorization" in headers:
+         elif "authorization" in headers: 
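
Review bot: on the changed line, `elif "authorization" in headers:` means the Authorization header is no longer evaluated whenever the branch above it matches, which changes which header decides the client when a request carries both. The branch above is not part of this hunk, so please add a comment on this line stating which credential is meant to win when both are sent, and a test that sends both headers. If the aim is only to tolerate libraries that attach both, consider logging when the Authorization header is skipped so the choice is visible in operation.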

Could you please share your thoughts on this approach?

I have tested with the latest openai package and have sent a request with both API key and Authorization token, and it worked without issues. If both API key and auth token are sent, the auth token wins as desired (although it's a bad request anyway IMHO). I suggest checking your code and configuration again. The test scripts included in the repo show how to send requests via the openai package.
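
The precedence question discussed in this thread, as an added example that is not PowerProxy's code: a sketch of resolving the client for a request that may carry `api-key`, `Authorization`, or both, with the winning header made explicit and a clear error when no Entra ID client is configured. Only the config keys `key` and `uses_entra_id_auth` come from the thread; `resolve_client`, `prefer`, `ClientResolutionError` and the sample clients are hypothetical, and the bearer token itself is not validated here.

```python
import hmac

# Constructed sample configuration; names and key values are made up.
SAMPLE_CLIENTS = [
    {"name": "team-a", "key": "constructed-key-a"},
    {"name": "entra-users", "uses_entra_id_auth": True},
]


class ClientResolutionError(Exception):
    """No configured client can be tied to the request."""


def resolve_client(headers, clients, prefer="authorization"):
    """Return the name of the configured client a request belongs to.

    prefer="authorization": a bearer token wins over api-key when both are
    sent (the behaviour the maintainer describes).
    prefer="api-key": a matching key wins and the token is only a fallback
    (the effect of the if -> elif change proposed in the thread).
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    api_key = h.get("api-key", "")
    has_bearer = h.get("authorization", "").lower().startswith("bearer ")

    # Constant-time comparison so key checks do not leak timing information.
    keyed = next(
        (c["name"] for c in clients
         if "key" in c and hmac.compare_digest(c["key"].encode(), api_key.encode())),
        None,
    )
    entra = next((c["name"] for c in clients if c.get("uses_entra_id_auth")), None)

    if has_bearer and (prefer == "authorization" or keyed is None):
        if entra is None:
            # Fail with an explanation instead of an unhandled exception.
            raise ClientResolutionError(
                "Authorization header sent, but no client has uses_entra_id_auth: true"
            )
        return entra
    if keyed is None:
        raise ClientResolutionError("no configured client matches this request")
    return keyed
```
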