Skip to main content

Email/password a.k.a. basic auth

LangSmith supports login via username/password with a few limitations:

  • You cannot change an existing installation from basic auth mode to OIDC or vice versa - installations must be either one or the other. A basic auth installation requires a completely fresh installation including a separate PostgreSQL database/schema, unless migrating from an existing None type installation (see below).
  • Users must be given their initial auto-generated password once they are invited. This password may be changed later by any Organization Admin.

Requirements and features

  • There is a single Default organization that is provisioned during initial installation, and creating additional organizations is not supported
  • Your initial password (configured below) must be least 12 characters long and have at least one lowercase, uppercase, and symbol
  • There are no strict requirements for the secret used for signing JWTs, but we recommend securely generating a string of at least 32 characters. For example: openssl rand -base64 32

Migrating from None auth

Only supported in versions 0.7 and above.

Migrating an installation from None auth mode replaces the single "default" user with a user with the configured credentials and keeps all existing resources. The single pre-existing workspace ID post-migration remains 00000000-0000-0000-0000-000000000000, but everything else about the migrated installation is standard for a basic auth installation.

To migrate, simply update your configuration as shown below and run helm upgrade (or docker-compose up) as usual.

Configuration

note

Changing the JWT secret will log out your users

config:
  authType: mixed
  basicAuth:
    enabled: true
    initialOrgAdminEmail: <YOUR EMAIL ADDRESS>
    initialOrgAdminPassword: <PASSWORD>
    jwtSecret: <SECRET>

Additionally, in docker-compose you will need to run the bootstrap command to create the initial organization and user:

docker-compose exec langchain-backend python hooks/auth_bootstrap.pyc

Once configured, you will see a login screen like the one below. You should be able to login with the initialOrgAdminEmail and initialOrgAdminPassword values, and your user will be auto-provisioned with role Organization Admin. See the admin guide for more details on organization roles.

LangSmith UI with basic auth

Was this page helpful?


You can leave detailed feedback on GitHub.