Attribute●Since v0.1

Authenticator

Type for authentication functions.

An authenticator can return either:

A string (user_id)
A dict containing {"identity": str, "permissions": list[str]}
An object with identity and permissions properties

Permissions can be used downstream by your authorization logic to determine access permissions to different resources.

The authenticate decorator will automatically inject any of the following parameters by name if they are included in your function signature:

Authenticator = Callable[..., Awaitable[MinimalUser | str | BaseUser | MinimalUserDict | typing.Mapping[str, typing.Any],]]

Basic authentication with token:

from langgraph_sdk import Auth

auth = Auth()

@auth.authenticate
async def authenticate1(authorization: str) -> Auth.types.MinimalUserDict:
    return await get_user(authorization)

Authentication with multiple parameters:

@auth.authenticate
async def authenticate2(
    method: str,
    path: str,
    headers: dict[str, bytes]
) -> Auth.types.MinimalUserDict:
    # Custom auth logic using method, path and headers
    user = verify_request(method, path, headers)
    return user

Accepting the raw ASGI request:

MY_SECRET = "my-secret-key"
@auth.authenticate
async def get_current_user(request: Request) -> Auth.types.MinimalUserDict:
    try:
        token = (request.headers.get("authorization") or "").split(" ", 1)[1]
        payload = jwt.decode(token, MY_SECRET, algorithms=["HS256"])
    except (IndexError, InvalidTokenError):
        raise HTTPException(
            status_code=401,
            detail="Invalid token",
            headers={"WWW-Authenticate": "Bearer"},
        )

    async with httpx.AsyncClient() as client:
        response = await client.get(
            f"https://api.myauth-provider.com/auth/v1/user",
            headers={"Authorization": f"Bearer {MY_SECRET}"}
        )
        if response.status_code != 200:
            raise HTTPException(status_code=401, detail="User not found")
                
        user_data = response.json()
        return {
            "identity": user_data["id"],
            "display_name": user_data.get("name"),
            "permissions": user_data.get("permissions", []),
            "is_authenticated": True,
        }

Parameters

Name	Type	Description
`request`*	`Request`	The raw ASGI request object
`body`*	`dict`	The parsed request body
`path`*	`str`	The request path
`method`*	`str`	The HTTP method (GET, POST, etc.)
`path_params`*	`dict[str, str] \| None`	URL path parameters
`query_params`*	`dict[str, str] \| None`	URL query parameters
`headers`*	`dict[str, bytes] \| None`	Request headers
`authorization`*	`str \| None`	The Authorization header value (e.g. "Bearer ")

View source on GitHub

Authenticator

Type for authentication functions.

An authenticator can return either:

A string (user_id)
A dict containing {"identity": str, "permissions": list[str]}
An object with identity and permissions properties

Permissions can be used downstream by your authorization logic to determine access permissions to different resources.

The authenticate decorator will automatically inject any of the following parameters by name if they are included in your function signature:

@auth.authenticate async def authenticate2( method: str, path: str, headers: dict[str, bytes] ) -> Auth.types.MinimalUserDict: # Custom auth logic using method, path and headers user = verify_request(method, path, headers) return user

MY_SECRET = "my-secret-key" @auth.authenticate async def get_current_user(request: Request) -> Auth.types.MinimalUserDict: try: token = (request.headers.get("authorization") or "").split(" ", 1)[1] payload = jwt.decode(token, MY_SECRET, algorithms=["HS256"]) except (IndexError, InvalidTokenError): raise HTTPException( status_code=401, detail="Invalid token", headers={"WWW-Authenticate": "Bearer"}, ) async with httpx.AsyncClient() as client: response = await client.get( f"https://api.myauth-provider.com/auth/v1/user", headers={"Authorization": f"Bearer {MY_SECRET}"} ) if response.status_code != 200: raise HTTPException(status_code=401, detail="User not found") user_data = response.json() return { "identity": user_data["id"], "display_name": user_data.get("name"), "permissions": user_data.get("permissions", []), "is_authenticated": True, }

Parameters

Name	Type	Description
`request`*	`Request`	The raw ASGI request object
`body`*	`dict`	The parsed request body
`path`*	`str`	The request path
`method`*	`str`	The HTTP method (GET, POST, etc.)
`path_params`*	`dict[str, str] \| None`	URL path parameters
`query_params`*	`dict[str, str] \| None`	URL query parameters
`headers`*	`dict[str, bytes] \| None`	Request headers
`authorization`*	`str \| None`	The Authorization header value (e.g. "Bearer ")

Authenticator

Parameters

LangChain Assistant

Menu

Authenticator

Parameters