-
Notifications
You must be signed in to change notification settings - Fork 1.2k
add support for token provider #1587
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Conversation
276b556
to
b4dd476
Compare
b4dd476
to
f514473
Compare
/** | ||
* A function that returns a token to use for authentication. | ||
*/ | ||
tokenProvider?: TokenProvider | undefined; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
question: why call it tokenProvider
and not apiKeyProvider
? I think the former matches the existing terminology better
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
API key auth is already supported. This feature enables short-lived token-based auth and we want to advertise it as such. Implementation-wise, it is piggybacking off the apiKey field which is just a hack to simplify the implementation.
@@ -438,6 +457,31 @@ export class OpenAI { | |||
return Errors.APIError.generate(status, error, message, headers); | |||
} | |||
|
|||
async _setToken(): Promise<boolean> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I think "refresh" is a better verb than "set" here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The decision to refresh is taken by the input function and not by this method, i.e. it is not guaranteed that the token will be refreshed if this method is called. However, let me know if you feel strongly about it and I can update the name.
Changes being requested
This PR introduces a new
tokenProvider
option to the OpenAI client, enabling dynamic token retrieval for authentication scenarios where API keys need to be refreshed or obtained at runtime.Additional context & links
Changes
New Feature:
tokenProvider
OptionTokenProvider
type definition:() => Promise<AccessToken>
AccessToken
interface withtoken: string
propertytokenProvider
option toClientOptions
interface_setToken()
methodKey Benefits
Implementation Details
Client Construction:
tokenProvider
andapiKey
are mutually exclusive - only one can be providedtokenProvider
(setsdangerouslyAllowBrowser: true
)Token Management:
_setToken()
method now returns a boolean indicating if a token was successfully retrievedprepareOptions()
Usage Example
Backward Compatibility
This change is fully backward compatible. Existing code using
apiKey
continues to work unchanged. The newtokenProvider
option is purely additive.