db:// remote table:
- API keys — a long-lived shared secret passed as
api_keyon connect. Works in every SDK. - OAuth 2.0 — short-lived bearer tokens obtained from your identity provider, refreshed automatically by the client.
API key
Pass the API key from your Enterprise tenant onconnect. This works with both the synchronous and asynchronous Python clients, as well as TypeScript and Rust.
Python
OAuth
The async Python client and the TypeScript client can obtain bearer tokens from an OIDC issuer and attach them to every request. Token acquisition, caching, and refresh are handled inside the client — your application code only provides the configuration.In Python, OAuth is supported through
lancedb.connect_async. The synchronous connect entry point continues to use API key authentication for db:// URIs. In TypeScript, lancedb.connect accepts oauthConfig directly.Supported flows
OAuthFlowType selects how the client acquires tokens:
Configure OAuth
Build an OAuth config and pass it on connect. Useoauth_config in Python and oauthConfig in TypeScript.
Configuration reference
The same configuration is available in both SDKs. Python usessnake_case field names; TypeScript uses camelCase.