LangChain Reference home pageLangChain ReferenceLangChain Reference
  • GitHub
  • Main Docs
Deep Agents
LangChain
LangGraph
Integrations
LangSmith
  • Overview
  • LangGraph Checkpoint
    LangGraph Store
    Checkpoint Postgres
    Store Postgres
    Checkpoint SQLite
    LangGraph Prebuilt
    LangGraph CLI
    LangGraph SDK
    LangGraph Supervisor
    LangGraph Swarm
    ⌘I

    LangChain Assistant

    Ask a question to get started

    Enter to send•Shift+Enter new line

    Menu

    LangGraph Checkpoint
    LangGraph Store
    Checkpoint Postgres
    Store Postgres
    Checkpoint SQLite
    LangGraph Prebuilt
    LangGraph CLI
    LangGraph SDK
    LangGraph Supervisor
    LangGraph Swarm
    Language
    Theme
    Pythonlanggraph-sdkauthtypesAuthenticator
    Attribute●Since v0.1

    Authenticator

    Copy
    Authenticator = Callable[..., Awaitable[MinimalUser | str | BaseUser | MinimalUserDict | typing.Mapping[
    View source on GitHub
    str
    ,
    typing
    .
    Any
    ]
    ,
    ]
    ]

    Parameters

    NameTypeDescription
    request*Request

    The raw ASGI request object

    body*dict

    The parsed request body

    path*str

    The request path

    method*str

    The HTTP method (GET, POST, etc.)

    path_params*dict[str, str] | None
    query_params*dict[str, str] | None
    headers*dict[str, bytes] | None
    authorization*str | None

    Type for authentication functions.

    An authenticator can return either:

    1. A string (user_id)
    2. A dict containing {"identity": str, "permissions": list[str]}
    3. An object with identity and permissions properties

    Permissions can be used downstream by your authorization logic to determine access permissions to different resources.

    The authenticate decorator will automatically inject any of the following parameters by name if they are included in your function signature:

    Basic authentication with token:

    from langgraph_sdk import Auth
    
    auth = Auth()
    
    @auth.authenticate
    async def authenticate1(authorization: str) -> Auth.types.MinimalUserDict:
        return await get_user(authorization)

    Authentication with multiple parameters:

    @auth.authenticate
    async def authenticate2(
        method: str,
        path: str,
        headers: dict[str, bytes]
    ) -> Auth.types.MinimalUserDict:
        # Custom auth logic using method, path and headers
        user = verify_request(method, path, headers)
        return user
    

    Accepting the raw ASGI request:

    MY_SECRET = "my-secret-key"
    @auth.authenticate
    async def get_current_user(request: Request) -> Auth.types.MinimalUserDict:
        try:
            token = (request.headers.get("authorization") or "").split(" ", 1)[1]
            payload = jwt.decode(token, MY_SECRET, algorithms=["HS256"])
        except (IndexError, InvalidTokenError):
            raise HTTPException(
                status_code=401,
                detail="Invalid token",
                headers={"WWW-Authenticate": "Bearer"},
            )
    
        async with httpx.AsyncClient() as client:
            response = await client.get(
                f"https://api.myauth-provider.com/auth/v1/user",
                headers={"Authorization": f"Bearer {MY_SECRET}"}
            )
            if response.status_code != 200:
                raise HTTPException(status_code=401, detail="User not found")
                    
            user_data = response.json()
            return {
                "identity": user_data["id"],
                "display_name": user_data.get("name"),
                "permissions": user_data.get("permissions", []),
                "is_authenticated": True,
            }

    URL path parameters

    URL query parameters

    Request headers

    The Authorization header value (e.g. "Bearer ")