AzureSearch Oauth with `azure_ad_access_token` not working: `TokenCredential` cannot be instantiated

[clairebehue]

Checked other resources

• [X] I added a very descriptive title to this issue.
• [X] I searched the LangChain documentation with the integrated search.
• [X] I used the GitHub search to find a similar question and didn't find it.
• [X] I am sure that this is a bug in LangChain rather than my code.
• [X] The bug is not resolved by updating to the latest stable version of LangChain (or the specific integration package).

Example Code

The following code fails to instantiate an AzureSearch instance:

from azure.core.credentials import AzureKeyCredential
from azure.identity import ClientSecretCredential

from langchain_community.vectorstores.azuresearch import AzureSearch

# setup your connection params:
DEFAULT_OAUTH_SCOPE = "https://search.azure.com/.default"
TENANTID = "..."   # Your company tenant id in Azure
APPID = "..."  # Your entreprise app id from Microsoft entra id
APPSECRET = "... "  # the secret value of a secret credential attached with your app
SEARCH_SERVICE_ENDPOINT= ".." #  Azure AI Search URL of the service to connect to (default URL is https://RESOURCE_NAME.search.windows.net)
embeddings = ... # replace with an instance of langchain.embeddings.base.Embeddings

# retrieve an access token from azure client:
azure_credential = ClientSecretCredential(tenant_id=TENANTID, client_id=APPID, client_secret=APPSECRET)
access_token = azure_credential.get_token(DEFAULT_OAUTH_SCOPE)

# Try to use the access_token obtained to instantiate an AzureSearch object ==> fails
db = AzureSearch(
    azure_search_endpoint= SEARCH_SERVICE_ENDPOINT,
    index_name="indexname",
    embedding_function=embeddings,
    azure_ad_access_token=access_token,
    azure_search_key=None
)

Error Message and Stack Trace (if applicable)

    db = AzureSearch(
File ".../python3.9/site-packages/langchain_community/vectorstores/azuresearch.py", line 335, in __init__
   self.client = _get_search_client(
File ".../python3.9/site-packages/langchain_community/vectorstores/azuresearch.py", line 134, in _get_search_client
   credential = TokenCredential(
File ".../python3.9/site-packages/typing_extensions.py", line 551, in _no_init
   raise TypeError('Protocols cannot be instantiated')
TypeError: Protocols cannot be instantiated

Description

instantiating AzureSearch with azure_ad_access_token != None is trying to create an instance of TokenCredential which is an interface and not instantiable. (see https://python.langchain.com/v0.2/api_reference/_modules/langchain_community/vectorstores/azuresearch.html#AzureSearch.__init__ )

Additional Notes:

• Oauth for azure ai search comes from this PR: (which also introduce the issue)
• the workaround to using Oauth with azure ai search with langchain is to set both azure_search_key & azure_ad_access_token to None but setting the following env var: (authentification will then use the from azure.identity import DefaultAzureCredential class. see Azure doc about this os.environ["AZURE_TENANT_ID"] = TENANTID os.environ["AZURE_CLIENT_ID"] = APPID os.environ["AZURE_CLIENT_SECRET"] = APPSECRET

System Info

langchain-community==0.2.16 platform: mac python 3.9

[gavinbarron]

This also fails in the same manner when attempting to use Managed Service Identity, which is preferable from a security perspective as it removes the weakness of persistent secrets which could be compromised and used by a malicious actor.

For reference the issue also exists on: langchain-community==0.3.0 platform: linux python 3.12.5