smurching
commented
3 days ago We're also interested in this feature for basically the same reason - I'll try tagging @kwhinnery-openai (please feel free to reroute!) who I saw active on some other PRs in this repo recently. Happy to think through a proposal for the interface of a credential provider if it's something y'all are open to.
As a followup (not required initially, can file a followup issue for this), we'd also be interested in making this pluggable so users in our organization don't have to pass the openai_api_key_provider every time, but instead could install a plugin package that automatically provides auth.
Thinking aloud, I imagine the precedence order for resolving auth in the client when doing something like
client = OpenAI(
api_key=...,
base_url="...,
http_client=...,
openai_api_key_provider=...,
)could then look like:
- [current behavior] Any authorization headers set in the
http_clientarg, if this arg is provided - [current behavior] The value of the
api_key, if provided - [current behavior] OpenAI environment variables (OPENAI_API_KEY etc)
- Auth explicitly specified in
openai_api_key_provider - Auth automatically provided by plugins, if
api_key,http_client,openai_api_key_providerare not passed
Confirm this is a feature request for the Python library and not the underlying OpenAI API.
Describe the feature or improvement you're requesting
Similar to
azure_ad_token_provider, support anopenai_api_key_providerforOpenAIandAzureOpenAIinstances. The application scenario is that OpenAI API keys are managed by some OAuth2 token servers, where a request is posted to the token servers and an API key with expiration is granted. In this case, for long running services, each time a request for OpenAI API is made, it is necessary to check and update the cached OpenAI API key. Therefore, I think it would be good to have anopenai_api_key_providerto manage this situation.Additional context
No response