diff --git a/pyrit/auth/azure_auth.py b/pyrit/auth/azure_auth.py index b60618963..00e2f8d6f 100644 --- a/pyrit/auth/azure_auth.py +++ b/pyrit/auth/azure_auth.py @@ -6,7 +6,6 @@ import logging import time from typing import TYPE_CHECKING, Any, Union, cast -from urllib.parse import urlparse import msal from azure.core.credentials import AccessToken @@ -257,25 +256,19 @@ def get_default_azure_scope(endpoint: str) -> str: """ Determine the appropriate Azure token scope based on the endpoint URL. + The Cognitive Services scope is accepted by all Azure AI endpoints including + Azure OpenAI (*.openai.azure.com) and AI Foundry (*.ai.azure.com). + Args: endpoint (str): The Azure endpoint URL. Returns: - str: The appropriate token scope for the endpoint. - - 'https://ml.azure.com/.default' for AI Foundry endpoints (*.ai.azure.com) - - 'https://cognitiveservices.azure.com/.default' for other Azure endpoints + str: The token scope 'https://cognitiveservices.azure.com/.default'. Example: >>> scope = get_default_azure_scope('https://myresource.openai.azure.com') >>> # Returns 'https://cognitiveservices.azure.com/.default' """ - try: - parsed_uri = urlparse(endpoint) - if parsed_uri.hostname and parsed_uri.hostname.lower().endswith(".ai.azure.com"): - return "https://ml.azure.com/.default" - except Exception: - pass - return "https://cognitiveservices.azure.com/.default" diff --git a/tests/integration/targets/test_entra_auth_targets.py b/tests/integration/targets/test_entra_auth_targets.py index bf068bfb2..6d9fc92ae 100644 --- a/tests/integration/targets/test_entra_auth_targets.py +++ b/tests/integration/targets/test_entra_auth_targets.py @@ -42,6 +42,7 @@ ("AZURE_OPENAI_GPTV_CHAT_ENDPOINT", "AZURE_OPENAI_GPTV_CHAT_MODEL", True), ("AZURE_FOUNDRY_DEEPSEEK_ENDPOINT", "", True), ("AZURE_FOUNDRY_PHI4_ENDPOINT", "", True), + ("AZURE_FOUNDRY_MISTRAL_LARGE_ENDPOINT", "AZURE_FOUNDRY_MISTRAL_LARGE_MODEL", True), ], ) async def test_openai_chat_target_entra_auth(sqlite_instance, endpoint, model_name, supports_seed):