Skip to content

feat: Adds support for Bearer tokens to Azure Foundry #338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mikehostetler merged 4 commits into from
Jan 16, 2026
Merged

feat: Adds support for Bearer tokens to Azure Foundry #338

mikehostetler merged 4 commits into from
Jan 16, 2026

Conversation

@ycastorium
Copy link
Contributor

@ycastorium ycastorium commented Jan 15, 2026
edited
Loading

Description

Adds support for the usage of Bearer tokens in the Azure Foundry provider

Type of Change

  • Bug fix (non-breaking change fixing an issue)
  • New feature (non-breaking change adding functionality)
  • Breaking change (fix or feature causing existing functionality to change)
  • Documentation update

Breaking Changes

Testing

  • Tests pass (mix test)
  • Quality checks pass (mix quality)

Checklist

  • My code follows the project's style guidelines
  • I have updated the documentation accordingly
  • I have added tests that prove my fix/feature works
  • All new and existing tests pass
  • My commits follow conventional commit format
  • I have NOT edited CHANGELOG.md (it is auto-generated by git_ops)

Related Issues

Closes #337

@mikehostetler
Copy link
Contributor

mikehostetler commented Jan 15, 2026

Thanks for this PR! The implementation looks good overall. I've reviewed it and have a few suggestions before merging:

Security Fix Needed

The resolve_api_key/3 function logs the first 8 characters of the API key (line 809):

Logger.debug(
  "[Azure resolve_api_key] model_family=#{model_family}, source=#{source}, key_prefix=#{if api_key, do: String.slice(api_key, 0, 8), else: "nil"}..."
)

For Bearer tokens, this leaks JWT content. Please change to:

auth_mode =
  if api_key && String.starts_with?(api_key, "Bearer "), do: "bearer", else: "api_key"

Logger.debug(
  "[Azure resolve_api_key] model_family=#{model_family}, source=#{source}, auth_mode=#{auth_mode}, key_present=#{not is_nil(api_key)}"
)

Edge Case Validation

The build_auth_header/2 function should validate Bearer tokens:

defp build_auth_header("Bearer " <> token, _model_family) do
  token = String.trim(token)

  cond do
    token == "" ->
      raise ReqLLM.Error.Invalid.Parameter.exception(
              parameter: ":api_key - Bearer token cannot be empty"
            )

    String.contains?(token, ["\r", "\n"]) ->
      raise ReqLLM.Error.Invalid.Parameter.exception(
              parameter: ":api_key - Bearer token contains invalid characters"
            )

    true ->
      {"authorization", "Bearer #{token}"}
  end
end

Additional Tests

Please add tests for these edge cases:

  • Empty Bearer token ("Bearer ")
  • Bearer token with only whitespace ("Bearer ")
  • Bearer token with newline characters (header injection protection)

Alternatively, please enable "Allow edits from maintainers" on this PR and I can push these fixes directly.

@mikehostetler mikehostetler merged commit f6ff0a0 into agentjido:main Jan 16, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature]: Add Support for Bearer Token authentication

2 participants

@ycastorium @mikehostetler