fix(auth): send Bearer auth for Azure Foundry anthropic_messages endpoints#27022
Closed
sharziki wants to merge 1 commit into
Closed
fix(auth): send Bearer auth for Azure Foundry anthropic_messages endpoints#27022sharziki wants to merge 1 commit into
anthropic_messages endpoints#27022sharziki wants to merge 1 commit into
Conversation
…oints Azure AI Foundry's Anthropic-style endpoint requires `Authorization: Bearer` instead of `x-api-key`. Add `azure.com` to `_requires_bearer_auth()` so the existing Bearer path at line 586 fires before the generic third-party branch sets `api_key` (x-api-key). Fixes #26970
This comment was marked as spam.
This comment was marked as spam.
teknium1
added a commit
that referenced
this pull request
May 18, 2026
Cherry-pick of @sharziki's #27022 routed Azure Foundry through _requires_bearer_auth, which also triggered the MiniMax-specific beta-strip in _common_betas_for_base_url — dropping the 1M-context beta from Azure even though Azure needs it for 1M context. Split the strip predicate: introduce _is_minimax_anthropic_endpoint so the fine-grained-tool-streaming and context-1m strips only fire for MiniMax hosts, leaving Azure's bearer-auth header swap intact without losing 1M context. Also add a regression test that asserts Azure gets Bearer auth, the api-version query param, and the context-1m-2025-08-07 beta.
Contributor
|
Merged via PR #28084. Your commit was cherry-picked onto current main with your authorship preserved in git log (commit 73407b1). We also pushed a small follow-up on top to keep the 1M-context beta active for Azure Foundry — Thanks for the fix!
|
16 tasks
Lillard01
pushed a commit
to Lillard01/hermes-agent
that referenced
this pull request
May 21, 2026
Cherry-pick of @sharziki's NousResearch#27022 routed Azure Foundry through _requires_bearer_auth, which also triggered the MiniMax-specific beta-strip in _common_betas_for_base_url — dropping the 1M-context beta from Azure even though Azure needs it for 1M context. Split the strip predicate: introduce _is_minimax_anthropic_endpoint so the fine-grained-tool-streaming and context-1m strips only fire for MiniMax hosts, leaving Azure's bearer-auth header swap intact without losing 1M context. Also add a regression test that asserts Azure gets Bearer auth, the api-version query param, and the context-1m-2025-08-07 beta.
Mucky010
pushed a commit
to Mucky010/hermes-agent
that referenced
this pull request
May 24, 2026
Cherry-pick of @sharziki's NousResearch#27022 routed Azure Foundry through _requires_bearer_auth, which also triggered the MiniMax-specific beta-strip in _common_betas_for_base_url — dropping the 1M-context beta from Azure even though Azure needs it for 1M context. Split the strip predicate: introduce _is_minimax_anthropic_endpoint so the fine-grained-tool-streaming and context-1m strips only fire for MiniMax hosts, leaving Azure's bearer-auth header swap intact without losing 1M context. Also add a regression test that asserts Azure gets Bearer auth, the api-version query param, and the context-1m-2025-08-07 beta.
gweeteve
pushed a commit
to gweeteve/hermes-agent
that referenced
this pull request
Jun 2, 2026
Cherry-pick of @sharziki's NousResearch#27022 routed Azure Foundry through _requires_bearer_auth, which also triggered the MiniMax-specific beta-strip in _common_betas_for_base_url — dropping the 1M-context beta from Azure even though Azure needs it for 1M context. Split the strip predicate: introduce _is_minimax_anthropic_endpoint so the fine-grained-tool-streaming and context-1m strips only fire for MiniMax hosts, leaving Azure's bearer-auth header swap intact without losing 1M context. Also add a regression test that asserts Azure gets Bearer auth, the api-version query param, and the context-1m-2025-08-07 beta.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
azure.comto_requires_bearer_auth()so Azure AI Foundry's Anthropic-style endpoint getsAuthorization: Bearerinstead ofx-api-key_requires_bearer_auth()check fires before the generic_is_third_party_anthropic_endpoint()branch, so Azure endpoints now take the Bearer pathRoot cause
build_anthropic_client()checks_requires_bearer_auth()first (line 586), then falls through to_is_third_party_anthropic_endpoint()(line 596) which setskwargs["api_key"](x-api-key header). Azure endpoints matched the latter but not the former, resulting in HTTP 401.Fixes #26970