Principal does not have access to API/Operation

[Randerd]

Minimal steps to reproduce

Locally run the demo

Any log messages given by the failure

raise self.handle_error_response(openai.error.AuthenticationError: Principal does not have access to API/Operation) full log output.txt

OS and Version?

Windows 10.

I'm trying to run the demo locally. Everything builds and the webpage opens, But when I try to enter a chat I'm met with the error above. I've tried replacing the openai.app_key with the one provided but that just returns an Unauthorized error for some reason.

[hophanms]

You may need to edit app.py for below lines

# Comment these two lines out if using keys, set your API key in the OPENAI_API_KEY environment variable instead
openai.api_type = "azure_ad"
openai_token = azure_credential.get_token("https://cognitiveservices.azure.com/.default")
openai.api_key = openai_token.token

[Murthy582]

You may need to edit app.py for below lines

# Comment these two lines out if using keys, set your API key in the OPENAI_API_KEY environment variable instead
openai.api_type = "azure_ad"
openai_token = azure_credential.get_token("https://cognitiveservices.azure.com/.default")
openai.api_key = openai_token.token

Not only these three lines, there are other references to openai_token in app.py, comment all those lines and refer it from environment variable if you have set OPENAI_API_KEY

[helenaj18]

I'm trying to run the demo locally. Everything builds and the webpage opens, But when I try to enter a chat I'm met with the error above. I've tried replacing the openai.app_key with the one provided but that just returns an Unauthorized error for some reason.

Has anyone managed to fix this issue? This is the error: openai.error.APIError: Invalid response object from API: '{ "statusCode": 401, "message": "Unauthorized. Access token is missing, invalid, audience is incorrect (https://cognitiveservices.azure.com), or have expired." }' (HTTP response code was 401)

The API key works if I make a simple chatCompletion, so I don't think it's an issue with the key itself.

[petrovfedor]

I use key1 as openai token and get the same error as @helenaj18 and @Randerd.

[mogokhalifa]

I had this issue and followed the steps from: https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/managed-identity to fix it.

[connorwehrum]

I had this issue and followed the steps from: https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/managed-identity to fix it.

I was able to get past the error mentioned in this post and am now getting: azure.core.exceptions.ClientAuthenticationError: Operation returned an invalid status 'Unauthorized'

Unfortunately, other issues that mention this problem for users trying to run the solution locally are unresolved. I will update if I find any new information but currently stuck.

#300

Update: After speaking with @pamelafox, it was brought to my attention that there is a step I was missing when running locally. I was under the impression that I did not have to run azd up, but it is a required step and is in the readme. These resources (such as the storage account and cognitive search) are needed in order to run the solution which azd up deploys as well as taking care of some of the permissions issues such as what I and many were experiencing here. One of the steps it will run is a script found here which will update your account to have the necessary permissions to use managed identity with Azure OpenAI and the other services.

See #548 for more clarity on the readme.

[Brandon-H-Campbell]

Check the settings in the Cognitive Services Search Service. Go to Keys in the settings and see if API Key is selected. You can change the settings to RBAC or to Both

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.