Expose the merged Rust OAuth header provider through the Node/TypeScript connection path. Includes: - Native OAuthConfig conversion for napi-rs - ConnectionOptions.oauthConfig plumbing - Public TypeScript OAuthConfig and OAuthFlowType exports - Generated TypeScript API docs for the new config surface - input-validation and debug-redaction coverage in the Rust binding layer Local validation: cargo fmt --all; git diff --check.
1.4 KiB
@lancedb/lancedb • Docs
@lancedb/lancedb / NativeOAuthConfig
Interface: NativeOAuthConfig
OAuth configuration for LanceDB authentication.
This is the generated napi-rs binding shape. TypeScript users should prefer
the public OAuthConfig type exported from @lancedb/lancedb.
All token acquisition and refresh is handled in the Rust layer.
Properties
clientId
clientId: string;
Application / Client ID.
clientSecret?
optional clientSecret: string;
Client secret (required for client_credentials).
flow?
optional flow: string;
Authentication flow: "client_credentials" or "azure_managed_identity"
issuerUrl
issuerUrl: string;
OIDC issuer URL or OAuth authority URL.
For Azure: https://login.microsoftonline.com/{tenant_id}/v2.0
managedIdentityClientId?
optional managedIdentityClientId: string;
Client ID for user-assigned managed identity (azure_managed_identity).
refreshBufferSecs?
optional refreshBufferSecs: number;
Seconds before expiry to trigger proactive refresh (default: 300). Keep this well below the token TTL; if it is greater than or equal to the TTL, each request refreshes the token.
scopes
scopes: string[];
OAuth scopes to request. For Azure managed identity, exactly one scope
or resource is required. For example: ["api://{app_id}/.default"]