[Enhancement]: Support EntraID authorization for Azure OpenAI

[victorbjor]

Summary

This issue proposes adding support for Entra ID (Azure AD) authentication via DefaultAzureCredential as an alternative to API key–based authentication. The change is minimal (~15 lines), fully backward-compatible, and opt-in via an environment variable.

There is currently an open PR proposing the same functionality for LibreChat.

Motivation

• Some corporate Azure environments disallow API key authentication and require Entra ID.
• Aligns with Azure’s recommended practices.
• Keeps deployment simpler in Azure environments while reducing key management overhead.

Proposed Change

• Introduce an environment variable (e.g., RAG_AZURE_OPENAI_USE_ENTRA_ID=true).
• If set, instantiate credential factory function DefaultAzureCredential from azure.identity.
• Pass azure_ad_token_provider=DefaultAzureCredential() to AzureOpenAIEmbeddings.
• Keep full backward compatibility (default remains API key–based).

Scope

• Minor update to authentication logic (~10 LOC).
• No breaking changes.
• Code and PR are already prepared.

LibreChat References

• Discussion
• Issue
• PR