Hey everyone! I'm working with a Foundry AI Agent and I see that on its overview, there's an API key, an endpoint, and project details available. I'm trying to use the Python SDK, and I see the DefaultAzureCredential() function which facilitates logging in through different methods. However, I'm running my application inside a Docker container and want to set it up with some environment variables so that I don't need to continuously run 'az login' every time the token expires. I've searched high and low, but I can't find a way to authenticate with Foundry Projects without having to refresh the tokens manually. The only thing I found was the Object ID for the Azure AI Foundry project resource on Azure. Is there a way to authenticate inside a Docker container that would allow me to avoid the need for constant token refreshing? Any tips or alternative options would be greatly appreciated! Thanks in advance!
1 Answer
You might want to check if DefaultAzureCredential() can utilize managed identities for authentication since it attempts various methods to get a token. If your Docker container is running within an Azure service that supports managed identities, this could streamline the authentication process without needing to run 'az login'. To improve efficiency, you can even exclude certain credential types that aren't relevant for your context. It could save you from having to deal with token refreshes. Looking into [Microsoft's documentation](https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication/credential-chains?tabs=dac) could provide more insights!
That sounds promising! But I think the resource owner might not have registered it in Entra ID apps, which is why 'az login' is my only option right now. So, if I register our project with Entra apps, DefaultAzureCredential() should be able to fetch the token seamlessly, right?