Expose the merged Rust OAuth header provider through the Node/TypeScript connection path. Includes: - Native OAuthConfig conversion for napi-rs - ConnectionOptions.oauthConfig plumbing - Public TypeScript OAuthConfig and OAuthFlowType exports - Generated TypeScript API docs for the new config surface - input-validation and debug-redaction coverage in the Rust binding layer Local validation: cargo fmt --all; git diff --check.
1.9 KiB
@lancedb/lancedb • Docs
@lancedb/lancedb / OAuthConfig
Interface: OAuthConfig
OAuth configuration for LanceDB authentication.
This is the public TypeScript OAuth configuration type. The generated
NativeOAuthConfig type has the same runtime shape but is an implementation
detail of the napi-rs binding.
All token acquisition and refresh is handled in the Rust layer. This config is passed through to Rust via napi-rs.
Examples
const config: OAuthConfig = {
issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
clientId: "app-id",
clientSecret: "secret",
scopes: ["api://lancedb-api/.default"],
};
const config: OAuthConfig = {
issuerUrl: "https://login.microsoftonline.com/{tenant}/v2.0",
clientId: "app-id",
scopes: ["api://lancedb-api/.default"],
flow: OAuthFlowType.AzureManagedIdentity,
};
Properties
clientId
clientId: string;
Application / Client ID.
clientSecret?
optional clientSecret: string;
Client secret (required for ClientCredentials).
flow?
optional flow: OAuthFlowType;
Authentication flow (default: ClientCredentials).
issuerUrl
issuerUrl: string;
OIDC issuer URL or OAuth authority URL.
For Azure: https://login.microsoftonline.com/{tenant_id}/v2.0
managedIdentityClientId?
optional managedIdentityClientId: string;
Client ID for user-assigned managed identity (AzureManagedIdentity).
refreshBufferSecs?
optional refreshBufferSecs: number;
Seconds before expiry to trigger proactive refresh (default: 300). Keep this well below the token TTL; if it is greater than or equal to the TTL, each request refreshes the token.
scopes
scopes: string[];
OAuth scopes to request.
For Azure managed identity, exactly one scope or resource is required.
For example: ["api://{app_id}/.default"]