Use of Azure OpenAI token provider

Hi,

I’m trying to create a crew but I’m facing lots of issues because of the way I need to connect to Azure OpenAI. I don’t have any OPENAI_API_KEY but instead I’m connecting with a token provider, something like

import os
import msal
from langchain_openai.chat_models.azure import AzureChatOpenAI

azure_app = msal.ConfidentialClientApplication(
client_id=os.environ.get("AZURE_OPENAI_CLIENT_ID"),
authority=os.environ.get("AZURE_OPENAI_AUTHORITY"),
client_credential=os.environ.get("AZURE_OPENAI_CLIENT_SECRET"),
token_cache=msal.TokenCache(),

)

llm = AzureChatOpenAI(
    azure_endpoint=os.environ.get("AZURE_OPENAI_ENDPOINT"),
    azure_ad_token_provider=lambda: azure_app.acquire_token_for_client(scopes=[os.environ.get("AZURE_OPENAI_SCOPE"])["access_token"],
    api_version=os.environ.get("AZURE_OPENAI_API_VERSION"),
    azure_deployment="gpt4o",
    model_name="azure/gpt4o",
    temperature=0,
)

This works well when I invoke directly the llm, for example

llm.invoke("Tell me a joke").content

However, I got the following error when using the llm in an agent

ERROR:root:LiteLLM call failed: litellm.APIError: AzureException APIError - Missing credentials. Please pass one of `api_key`, `azure_ad_token`, `azure_ad_token_provider`, or the `AZURE_OPENAI_API_KEY` or `AZURE_OPENAI_AD_TOKEN` environment variables.
Error during LLM call: litellm.APIError: AzureException APIError - Missing credentials. Please pass one of `api_key`, `azure_ad_token`, `azure_ad_token_provider`, or the `AZURE_OPENAI_API_KEY` or `AZURE_OPENAI_AD_TOKEN` environment variables.
An unknown error occurred. Please check the details below.
Error details: litellm.APIError: AzureException APIError - Missing credentials. Please pass one of `api_key`, `azure_ad_token`, `azure_ad_token_provider`, or the `AZURE_OPENAI_API_KEY` or `AZURE_OPENAI_AD_TOKEN` environment variables.

The toy example I’m trying to run is as simple as

writer = Agent(
    role='A writer of a popular AI newsletter',
    goal='Generate a detailed AI newsletter',
    backstory='You are a Top AI writer known for writing detailed and engaging newsletters',
    verbose=True,
    allow_delegation=False,
    llm=llm,
)

task = Task(description='Write a detailed newsletter about AI new trends', agent=writer, expected_output='A refined finalized version of report in text format')

crew = Crew(
    agents=[writer],
    tasks=[task],
    verbose=True,
)

result = crew.kickoff()

[EDIT]
Using an AD token provider does not seem to work, however a workaround (that needs to update the token once in a while, so it’s not very useful) could be to use a crewai.LLM object instead (so a LiteLLM underneath) as shown here:

from crewai import LLM

token= azure_app.acquire_token_for_client(scopes=[os.environ.get("AZURE_OPENAI_SCOPE"])["access_token"]

llm = LLM(
    model=model,
    temperature=temperature,
    azure_ad_token=token
)

This llm object can then be passed to agents as usual.