Files
lancedb/docs/src/js/interfaces/NativeOAuthConfig.md
Jack Ye 10fecdf051 feat(node): expose OAuth connection config (#3587)
Expose the merged Rust OAuth header provider through the Node/TypeScript
connection path.

Includes:
- Native OAuthConfig conversion for napi-rs
- ConnectionOptions.oauthConfig plumbing
- Public TypeScript OAuthConfig and OAuthFlowType exports
- Generated TypeScript API docs for the new config surface
- input-validation and debug-redaction coverage in the Rust binding
layer

Local validation: cargo fmt --all; git diff --check.
2026-06-29 16:55:45 -07:00

1.4 KiB

@lancedb/lancedbDocs


@lancedb/lancedb / NativeOAuthConfig

Interface: NativeOAuthConfig

OAuth configuration for LanceDB authentication.

This is the generated napi-rs binding shape. TypeScript users should prefer the public OAuthConfig type exported from @lancedb/lancedb.

All token acquisition and refresh is handled in the Rust layer.

Properties

clientId

clientId: string;

Application / Client ID.


clientSecret?

optional clientSecret: string;

Client secret (required for client_credentials).


flow?

optional flow: string;

Authentication flow: "client_credentials" or "azure_managed_identity"


issuerUrl

issuerUrl: string;

OIDC issuer URL or OAuth authority URL. For Azure: https://login.microsoftonline.com/{tenant_id}/v2.0


managedIdentityClientId?

optional managedIdentityClientId: string;

Client ID for user-assigned managed identity (azure_managed_identity).


refreshBufferSecs?

optional refreshBufferSecs: number;

Seconds before expiry to trigger proactive refresh (default: 300). Keep this well below the token TTL; if it is greater than or equal to the TTL, each request refreshes the token.


scopes

scopes: string[];

OAuth scopes to request. For Azure managed identity, exactly one scope or resource is required. For example: ["api://{app_id}/.default"]