fix(azure): preserve AD token refresh in v1 OpenAI client path #28625

Draft: mateo-berri wants to merge 1 commit into litellm_internal_staging from claude/busy-edison-90ZbL

@mateo-berri (Collaborator)

Summary

Fixes the Azure AD authentication regression in 1.84.0 reported in #27945. When api_version is v1, latest, or preview, litellm routes Azure calls through a plain OpenAI/AsyncOpenAI client (to hit /openai/v1/). That path only forwarded api_key from azure_client_params, so any AD-only configuration — including enable_azure_ad_token_refresh: true, the case in #27945 — hit OpenAIError: The api_key client option must be set… on every request.

The OpenAI SDK (>= 2.20.0, our minimum) already accepts a Callable[[], str] as api_key and re-invokes it on every request via _refresh_api_key. We now forward azure_ad_token_provider directly — preserving the per-request refresh behavior of the regular AzureOpenAI client and avoiding the expiry hole that resolving the token once at client-creation time would introduce.

  • litellm/llms/azure/common_utils.py: in the _is_azure_v1_api_version branch, set api_key to azure_client_params["api_key"] or azure_ad_token_provider or azure_ad_token. For the async client, wrap the sync provider returned by azure-identity in an async function (AsyncOpenAI requires Callable[[], Awaitable[str]]).
  • Static azure_ad_token strings fall through to api_key as before.
  • Explicit api_key still wins (test added).

Test plan

  • New tests in tests/test_litellm/llms/azure/test_azure_common_utils.py, parametrized over v1 / latest / preview:
    • test_azure_v1_api_with_azure_ad_token_provider — provider forwarded as api_key; SDK stores it as _api_key_provider (sync) or wrapped async provider (async).
    • test_azure_v1_api_async_token_provider_resolves_to_current_token — async wrapper calls the underlying provider on each invocation (token rotation honored).
    • test_azure_v1_api_with_static_azure_ad_token — static AD token used as api_key.
    • test_azure_v1_api_key_wins_over_ad_token — explicit api_key takes precedence; _api_key_provider is None.
  • Existing v1 / traditional Azure tests still pass.

Fixes #27945

https://claude.ai/code/session_01UnzrDSFUUgp5T2wRoPMxq5


Generated by Claude Code

The /openai/v1/ code path (api_version in {"v1", "latest", "preview"})
constructs a plain OpenAI/AsyncOpenAI client, but only forwarded
`api_key` from `azure_client_params`. When `enable_azure_ad_token_refresh`
is set (or any AD-only auth), `api_key` is None and the client
constructor raised "The api_key client option must be set...", breaking
every Azure call with a v1 api_version.

The OpenAI SDK (>=2.20.0) accepts a callable for `api_key` and re-invokes
it on every request via `_refresh_api_key`, so we now forward
`azure_ad_token_provider` directly — preserving the per-request token
refresh behavior of the regular AzureOpenAI client and avoiding the
expiry hole that resolving the token once at client-creation time would
introduce. Static `azure_ad_token` strings fall through to `api_key`.

For the async path we wrap the sync provider returned by azure-identity
in an async function since AsyncOpenAI expects `Callable[[], Awaitable[str]]`.

Fixes #27945

https://claude.ai/code/session_01UnzrDSFUUgp5T2wRoPMxq5
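
An added example (not code from this PR or from litellm) illustrating the credential precedence and per-request refresh described in the summary and commit message above. `MiniClient` and the rotating provider are constructed stand-ins for the OpenAI SDK client and an azure-identity token provider, and every function name here is hypothetical.

```python
import asyncio
import itertools
from typing import Awaitable, Callable, List, Optional, Union

ApiKey = Union[str, Callable[[], str]]

def make_rotating_provider() -> Callable[[], str]:
    """Constructed stand-in for a token provider; issues a new token per call."""
    counter = itertools.count(1)
    return lambda: f"token-{next(counter)}"

def select_api_key(api_key: Optional[str], azure_ad_token_provider: Optional[Callable[[], str]],
                   azure_ad_token: Optional[str]) -> ApiKey:
    """Precedence from the PR summary: explicit key, provider, static AD token."""
    chosen = api_key or azure_ad_token_provider or azure_ad_token
    if chosen is None:
        raise ValueError("no api_key, token provider or AD token configured")
    return chosen

def to_async_provider(sync_provider: Callable[[], str]) -> Callable[[], Awaitable[str]]:
    """Async wrapper; every await calls the sync provider again (no caching)."""
    async def _provider() -> str:
        return sync_provider()  # runs on the event loop thread
    return _provider

class MiniClient:
    """Hypothetical client that resolves a callable api_key before each request."""
    def __init__(self, api_key: ApiKey) -> None:
        self._api_key = api_key

    def auth_header(self) -> str:
        key = self._api_key() if callable(self._api_key) else self._api_key
        return f"Bearer {key}"

def resolved_once_headers(n: int) -> List[str]:
    """Anti-pattern: token resolved at client creation, then reused after rotation."""
    client = MiniClient(make_rotating_provider()())
    return [client.auth_header() for _ in range(n)]

def forwarded_provider_headers(n: int) -> List[str]:
    """Provider forwarded as api_key: each request picks up the current token."""
    client = MiniClient(select_api_key(None, make_rotating_provider(), None))
    return [client.auth_header() for _ in range(n)]

def async_tokens(n: int) -> List[str]:
    provider = to_async_provider(make_rotating_provider())
    async def run() -> List[str]:
        return [await provider() for _ in range(n)]
    return asyncio.run(run())
```

The constructed provider rotates on every call so the difference is visible; a real provider typically returns the same token until it nears expiry.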
@CLAassistant

CLAassistant commented May 22, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@mateo-berri mateo-berri changed the base branch from main to litellm_internal_staging May 22, 2026 16:58
@codspeed-hq

codspeed-hq Bot commented May 22, 2026

Contributor

Congrats! CodSpeed is installed 🎉

🆕 16 new benchmarks were detected.

You will start to see performance impacts in the reports once the benchmarks are run from your default branch.

@codecov

codecov Bot commented May 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Development

Successfully merging this pull request may close these issues.

[Bug]: Azure OAI Models Auth Broken in 1.84.0
