How i can be sure that no one else can benefit from the azure function which integrate with Chat GPT using API key #3582
Replies: 2 comments
-
|
Could this answer your question? |
Beta Was this translation helpful? Give feedback.
-
|
As you described, the Azure Function is secured with Azure AD. That means only users in your organization (Inside your Azure AD) can use this. If you want to limit other SPFx Web Parts from being able to able to use this function, you should convert the solution to be an Isolated Web Part, and only grant permission for this Web Part to have access to this Azure Function App Registration. https://learn.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/isolated-web-parts Additionally, it may be smart to move your secret key from the Azure Function, to a Keyvault which has limited access. That way you don't accidentally expose this key to people in your Org with Azure access. https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli |
Beta Was this translation helpful? Give feedback.
-
I want to install the SPfx for chat GPT from this link @ https://github.com/pnp/sp-dev-fx-webparts/tree/main/samples/react-chatgpt-app
The steps requires creating and Azure Function which will store the API key are:-
OpenAI-Azure-functions
Deploy
To deploy you can use the Azure Extensions for VSCODE , go to "WORKSPACE" and on top Options select Deploy.
Secure Azure Function App
The Azure Fucntion is secured by Authentication after deployed go to Azure and select Function App and select the Azure Function App created "OpenAIFunctionsApp"
configure authentication
Select Authentications and you have option to create a new Azure App or select a one already created.
in this sample , create a new one.
After go to CORS and add your SharePoint address.
Application Settings
The function needs to have the followed environment vars defined:
So at the end we will have an azure function which stores our secure API key. so how we can be sure that no external user can use/benefit from our azure function to create an own SPFx which call out azure function ?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions