[Bug] Azure OpenAI Image Generation Fails with Managed Identity in LiteLLM v1.76.3 #14404
Description
What happened?
Summary:
In LiteLLM v1.76.3, when using Azure OpenAI's image generation API (e.g., for models like DALL·E 3), the library bypasses the AzureOpenAI SDK and instead uses a direct HTTP client to make requests. This design prevents users from authenticating via Managed Identity, which is essential in secure enterprise environments that prohibit API key usage.
Issue Details:
- LiteLLM uses raw HTTP requests for image generation instead of the AzureOpenAI SDK.
- There is no support for passing
azure_ad_token_providerorazure_ad_tokenas a Bearer token in the HTTP request. - This makes it impossible to use Azure OpenAI image generation with Managed Identity, effectively blocking secure, keyless deployments.
Impact:
- ❌ Security Compliance Violation: Enterprises enforcing keyless access via Managed Identity cannot use LiteLLM for image generation.
⚠️ Feature Inconsistency: Text generation supports Managed Identity via SDK, but image generation does not.- 🚫 Deployment Blocker: This is a critical blocker for organizations using Azure OpenAI in production environments.
Suggested Fix:
- Use the AzureOpenAI SDK client for image generation requests, or
- Allow injection of
azure_ad_tokenorazure_ad_token_providerinto the HTTP request headers for authentication.
Relevant log output
Error Message: ERROR:LiteLLMAdapter:Exception occurred in image generation: APIError --> litellm.APIError: AzureException APIError - Header value must be str or bytes, not <class 'NoneType'>
Generated CURL from LiteLLM
POST Request Sent from LiteLLM:
curl -X POST \
https://xxxxxxxxxxxx.openai.azure.com/openai/deployments/dall-e-3/images/generations?api-version=2025-04-01-preview \
-H 'Content-Type: application/json' -H 'api-key: None' \
-d '{'model': 'dall-e-3', 'prompt': 'generate a small butterfly', 'extra_body': {}}'Are you a ML Ops Team?
No
What LiteLLM version are you on ?
1.76.3