Email/password a.k.a. basic auth
LangSmith supports login via username/password with a few limitations:
- You cannot change an existing installation from basic auth mode to OIDC or vice versa - installations must be either one or the other. A basic auth installation requires a completely fresh installation including a separate PostgreSQL database/schema, unless migrating from an existing
None
type installation (see below). - Users must be given their initial auto-generated password once they are invited. This password may be changed later by any Organization Admin.
Requirements and features
- There is a single
Default
organization that is provisioned during initial installation, and creating additional organizations is not supported - Your initial password (configured below) must be least 12 characters long and have at least one lowercase, uppercase, and symbol
- There are no strict requirements for the secret used for signing JWTs, but we recommend securely generating a string of at least 32 characters. For example:
openssl rand -base64 32
Migrating from None auth
Only supported in versions 0.7 and above.
Migrating an installation from None auth mode replaces the single "default" user with a user with the configured credentials and keeps all existing resources.
The single pre-existing workspace ID post-migration remains 00000000-0000-0000-0000-000000000000
, but everything else about the migrated installation is standard for a basic auth installation.
To migrate, simply update your configuration as shown below and run helm upgrade
(or docker-compose up
) as usual.
Configuration
Changing the JWT secret will log out your users
- Helm
- Docker
config:
authType: mixed
basicAuth:
enabled: true
initialOrgAdminEmail: <YOUR EMAIL ADDRESS>
initialOrgAdminPassword: <PASSWORD> # Must be at least 12 characters long and have at least one lowercase, uppercase, and symbol
jwtSecret: <SECRET>
# In your .env file
AUTH_TYPE=mixed
BASIC_AUTH_ENABLED=true
INITIAL_ORG_ADMIN_EMAIL=<YOUR EMAIL ADDRESS>
INITIAL_ORG_ADMIN_PASSWORD=<PASSWORD> # Must be at least 12 characters long and have at least one lowercase, uppercase, and symbol
BASIC_AUTH_JWT_SECRET=<SECRET>
Additionally, in docker-compose you will need to run the bootstrap command to create the initial organization and user:
docker-compose exec langchain-backend python hooks/auth_bootstrap.pyc
Once configured, you will see a login screen like the one below. You should be able to login with the initialOrgAdminEmail
and initialOrgAdminPassword
values, and your user will be auto-provisioned with role Organization Admin
. See the admin guide for more details on organization roles.