Email/password a.k.a. basic auth (beta)

LangSmith supports login via username/password with a few limitations during the beta period:

• You cannot change an existing installation from basic auth mode to OIDC or vice versa - installations must be either one or the other. A basic auth installation requires a completely fresh installation including a separate PostgreSQL database/schema, unless migrating from an existing None type installation (see below).
• Users must be given their initial auto-generated password once they are invited. This password may be changed later by any Organization Admin.

Requirements and features

• There is a single Default organization that is provisioned during initial installation, and creating additional organizations is not supported
• Your initial password (configured below) must be least 12 characters long and have at least one lowercase, uppercase, and symbol
• There are no strict requirements for the secret used for signing JWTs, but we recommend securely generating a string of at least 32 characters. For example: openssl rand -base64 32

Migrating from None auth

Only supported in versions 0.7 and above.

Migrating an installation from None auth mode replaces the single "default" user with a user with the configured credentials and keeps all existing resources. The single pre-existing workspace ID post-migration remains 00000000-0000-0000-0000-000000000000, but everything else about the migrated installation is standard for a basic auth installation.

To migrate, simply update your configuration as shown below and run helm upgrade (or docker-compose up) as usual.

Configuration

note

Changing the JWT secret will log out your users

Helm

config:
  authType: mixed
  basicAuth:
    enabled: true
    initialOrgAdminEmail: <YOUR EMAIL ADDRESS>
    initialOrgAdminPassword: <PASSWORD>
    jwtSecret: <SECRET>

Docker

# In your .env file
AUTH_TYPE=mixed
BASIC_AUTH_ENABLED=true
INITIAL_ORG_ADMIN_EMAIL=<YOUR EMAIL ADDRESS>
INITIAL_ORG_ADMIN_PASSWORD=<PASSWORD>
BASIC_AUTH_JWT_SECRET=<SECRET>

Once configured, you will see a login screen like the one below. You should be able to login with the initialOrgAdminEmail and initialOrgAdminPassword values, and your user will be auto-provisioned with role Organization Admin. See the admin guide for more details on organization roles.