Throw error if no valid client identified

timoklimmer / powerproxy-aoai

Monitors and processes traffic to and from Azure OpenAI endpoints.

MIT License

83 stars 23 forks source link

Throw error if no valid client identified #64

Closed codylittle closed 3 months ago

codylittle commented 3 months ago

Currently all requests that do not contain the api-key header are processed as successful.

timoklimmer commented 3 months ago

Hi @codylittle, thanks for bringing this up. Your code would not work in case of Azure AD/Entra ID authentication, where requests will not contain any API key. I have quickly fixed the issue on my own now and will release a new version.

codylittle commented 3 months ago

Hey @timoklimmer, can you please elaborate to fix up my understanding on the flow for Azure AD/Entra ID. Wouldn't this case still have worked since client gets assigned to config["FIXED_CLIENT"] on L190 or is FIXED_CLIENT optional for Azure AD/Entra ID implementations?

timoklimmer commented 3 months ago

In case of Azure AD/Entra ID authentication, an Authorization header is used instead of an API key. I think it's safer to replace the API key only if we got one, avoiding dependencies on client identification.

codylittle commented 3 months ago

Yep - makes sense, thanks (: