@lancedb/lancedb • Docs
@lancedb/lancedb / OAuthConfig
Interface: OAuthConfig¶
OAuth configuration for LanceDB authentication.
This is the public TypeScript OAuth configuration type. The generated
NativeOAuthConfig type has the same runtime shape but is an implementation
detail of the napi-rs binding.
All token acquisition and refresh is handled in the Rust layer. This config is passed through to Rust via napi-rs.
Examples¶
const config: OAuthConfig = {
issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
clientId: "app-id",
clientSecret: "secret",
scopes: ["api://lancedb-api/.default"],
};
const config: OAuthConfig = {
issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
clientId: "app-id",
scopes: ["api://lancedb-api/.default"],
flow: OAuthFlowType.AzureManagedIdentity,
};
Properties¶
clientId¶
Application / Client ID.
clientSecret?¶
Client secret (required for ClientCredentials).
flow?¶
Authentication flow (default: ClientCredentials).
issuerUrl¶
OIDC issuer URL or OAuth authority URL.
For Azure: https://login.microsoftonline.com/{tenant_id}/v2.0
managedIdentityClientId?¶
Client ID for user-assigned managed identity (AzureManagedIdentity).
refreshBufferSecs?¶
Seconds before expiry to trigger proactive refresh (default: 300). Keep this well below the token TTL; if it is greater than or equal to the TTL, each request refreshes the token.
scopes¶
OAuth scopes to request.
For Azure managed identity, exactly one scope or resource is required.
For example: ["api://{app_id}/.default"]