Skip to content

@lancedb/lancedbDocs


@lancedb/lancedb / OAuthConfig

Interface: OAuthConfig

OAuth configuration for LanceDB authentication.

This is the public TypeScript OAuth configuration type. The generated NativeOAuthConfig type has the same runtime shape but is an implementation detail of the napi-rs binding.

All token acquisition and refresh is handled in the Rust layer. This config is passed through to Rust via napi-rs.

Examples

const config: OAuthConfig = {
  issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
  clientId: "app-id",
  clientSecret: "secret",
  scopes: ["api://lancedb-api/.default"],
};
const config: OAuthConfig = {
  issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
  clientId: "app-id",
  scopes: ["api://lancedb-api/.default"],
  flow: OAuthFlowType.AzureManagedIdentity,
};

Properties

clientId

clientId: string;

Application / Client ID.


clientSecret?

optional clientSecret: string;

Client secret (required for ClientCredentials).


flow?

optional flow: OAuthFlowType;

Authentication flow (default: ClientCredentials).


issuerUrl

issuerUrl: string;

OIDC issuer URL or OAuth authority URL. For Azure: https://login.microsoftonline.com/{tenant_id}/v2.0


managedIdentityClientId?

optional managedIdentityClientId: string;

Client ID for user-assigned managed identity (AzureManagedIdentity).


refreshBufferSecs?

optional refreshBufferSecs: number;

Seconds before expiry to trigger proactive refresh (default: 300). Keep this well below the token TTL; if it is greater than or equal to the TTL, each request refreshes the token.


scopes

scopes: string[];

OAuth scopes to request. For Azure managed identity, exactly one scope or resource is required. For example: ["api://{app_id}/.default"]