bluesky · DiamondJoseph · Mar 14, 2025 · Mar 14, 2025 · Mar 14, 2025 · Mar 14, 2025
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -80,6 +80,7 @@
 # built documents.
 #
 import tiled
+from tiled.server.settings import Settings
 
 # The short X.Y version.
 version = tiled.__version__
@@ -287,7 +288,9 @@ def parse_schema(d, md=[], depth=0, pre=""):
 from tiled.authenticators import DummyAuthenticator
 from tiled.server.app import build_app
 
-app = build_app(MapAdapter({}), authentication={"authenticator": DummyAuthenticator()})
+app = build_app(
+    MapAdapter({}), server_settings=Settings(authenticator=DummyAuthenticator())
+)
 api = app.openapi()
 
 with open("reference/api.yml", "w") as file:

diff --git a/docs/source/explanations/access-control.md b/docs/source/explanations/access-control.md
@@ -78,13 +78,12 @@ from tiled.scopes import PUBLIC_SCOPES
 response_cache = cachetools.TTLCache(maxsize=10_000, ttl=60)
 
 
-class PASSAccessPolicy:
+class PASSAccessPolicy(AccessPolicy):
     """
     access_control:
-      access_policy: pass_access_policy:PASSAccessPolicy
-      args:
-        url: ...
-        beamline: ...
+      type: pass_access_policy:PASSAccessPolicy
+      url: ...
+      beamline: ...
     """
 
     def __init__(self, url, beamline, provider):

diff --git a/docs/source/explanations/security.md b/docs/source/explanations/security.md
@@ -50,8 +50,7 @@ TILED_SINGLE_USER_API_KEY=YOUR_SECRET tiled serve ...
 or via the configuration parameter
 
 ```yaml
-authentication:
-  single_user_api_key: "..."
+single_user_api_key: "..."
 ```
 
 When the secret is set manually it this way, it is *not* logged in the terminal.
@@ -102,19 +101,18 @@ tiled serve config ...
 include the configuration:
 
 ```yaml
-authentication:
-  allow_anonymous_access: true
+allow_anonymous_access: true
 ```
 
 This is a complete working example:
 
 ```yaml
 # config.yml
-authentication:
-  allow_anonymous_access: true
+allow_anonymous_access: true
 trees:
   - path: /
-    tree: tiled.examples.generated_minimal:tree
+    tree:
+      type: tiled.examples.generated_minimal:tree
 ```
 
 ```
@@ -172,26 +170,20 @@ using a username and password. It requires one additional dependency:
 pip install pamela
 ```
 
-The configuration file(s) should include:
-
-```yaml
-authentication:
-  authenticator: tiled.authenticators:PAMAuthenticator
-```
-
 Here is a complete working example:
 
 ```yaml
 # pam_config.yml
-authentication:
-  providers:
-    - authenticator: tiled.authenticators:PAMAuthenticator
-      # This 'provider' can be any string; it is used to differentiate
-      # authentication providers when multiple ones are supported.
-      provider: local
+authenticators:
+  - authenticator:
+      type: tiled.authenticators:PAMAuthenticator
+    # This 'provider' can be any string; it is used to differentiate
+    # authentication providers when multiple ones are supported.
+    provider: local
 trees:
   - path: /
-    tree: tiled.examples.generated_minimal:tree
+    tree:
+      type: tiled.examples.generated_minimal:tree
 ```
 
 ```
@@ -248,19 +240,18 @@ pip install httpx
 The configuration file(s) must include the following.
 
 ```yaml
-authentication:
-  providers:
-  - provider: example.com
-    authenticator: tiled.authenticators:OIDCAuthenticator
-    args:
-      # Values should come from your OIDC provider configuration
-      # The audience claim is checked by the OIDC Client (Tiled)
-      # It checks that the Authentication header that you are passed has not been intercepted
-      # And that elevated claims from other services do not apply here
-      audience: tiled  # something unique to ensure received headers are for you
-      client_id: tiled_client
-      client_secret: ${OIDC_CLIENT_SECRET} # referencing an environment variable
-      well_known_uri: example.com/.well-known/openid-configuration
+authenticators:
+- provider: example.com
+  authenticator:
+    type: tiled.authenticators:OIDCAuthenticator
+    # Values should come from your OIDC provider configuration
+    # The audience claim is checked by the OIDC Client (Tiled)
+    # It checks that the Authentication header that you are passed has not been intercepted
+    # And that elevated claims from other services do not apply here
+    audience: tiled  # something unique to ensure received headers are for you
+    client_id: tiled_client
+    client_secret: ${OIDC_CLIENT_SECRET} # referencing an environment variable
+    well_known_uri: example.com/.well-known/openid-configuration
 ```
 
 There are example configurations for ORCID and Google in the directory
@@ -279,18 +270,18 @@ should only for used for development and demos.
 
 ```yaml
 # dictionary_config.yml
-authentication:
-  providers:
-  - provider: toy
-    authenticator: tiled.authenticators:DictionaryAuthenticator
-    args:
-      users_to_passwords:
-        alice: ${ALICE_PASSWORD}
-        bob: ${BOB_PASSWORD}
-        cara: ${CARA_PASSWORD}
+authenticators:
+- provider: toy
+  authenticator:
+    type: tiled.authenticators:DictionaryAuthenticator
+    users_to_passwords:
+      alice: ${ALICE_PASSWORD}
+      bob: ${BOB_PASSWORD}
+      cara: ${CARA_PASSWORD}
 trees:
   - path: /
-    tree: tiled.examples.generated_minimal:tree
+    tree:
+      type: tiled.examples.generated_minimal:tree
 ```
 
 ```
@@ -301,13 +292,14 @@ The ``DummyAuthenticator`` accepts *any* username and password combination.
 
 ```yaml
 # dummy_config.yml
-authentication:
-  providers:
-  - provider: toy
-    authenticator: tiled.authenticators:DummyAuthenticator
+authenticators:
+- provider: toy
+  authenticator:
+    type: tiled.authenticators:DummyAuthenticator
 trees:
   - path: /
-    tree: tiled.examples.generated_minimal:tree
+    tree:
+      type: tiled.examples.generated_minimal:tree
 ```
 
 ```
@@ -326,8 +318,7 @@ To make such entries visible to *anonymous*, unauthenticated users as well,
 include the configuration:
 
 ```yaml
-authentication:
-  allow_anonymous_access: true
+allow_anonymous_access: true
 ```
 
 See also {doc}`../reference/service-configuration`.
diff --git a/docs/source/explanations/specialized-formats.md b/docs/source/explanations/specialized-formats.md
@@ -85,11 +85,11 @@ Now take the following simple server configuration:
 # config.yml
 trees:
   - path: /
-    tree: tiled.catalog:from_uri
-    args:
+    tree:
+      type: tiled.catalog:from_uri
       uri: ./catalog.db
-        readable_storage:
-          - ./data/
+      readable_storage:
+        - ./data/
       adapters_by_mimetype:
         application/x-xdi: tiled.examples.xdi:read_xdi
 ```
@@ -206,11 +206,11 @@ Add new sections to the configuration as follows.
 ```yaml
 trees:
   - path: /
-    tree: tiled.catalog:from_uri
-    args:
+    tree:
+      type: tiled.catalog:from_uri
       uri: ./catalog.db
       readable_storage:
-        - ./data/
+      - ./data/
       adapters_by_mimetype:
         application/x-xdi: tiled.examples.xdi:read_xdi
 media_types:

diff --git a/docs/source/how-to/custom-export-formats.md b/docs/source/how-to/custom-export-formats.md
@@ -74,7 +74,8 @@ media_types:
 # And provide some example data to try it with....
 trees:
   - path: /
-    tree: tiled.examples.generated_minimal:tree
+    tree:
+      type: tiled.examples.generated_minimal:tree
 ```
 
 The term `application/x-smileys` is a "media type", also known as "MIME type".
@@ -174,7 +175,8 @@ media_types:
     image/jpeg: custom_exporters:to_jpeg
 trees:
   - path: /
-    tree: tiled.examples.generated_minimal:tree
+    tree:
+      type: tiled.examples.generated_minimal:tree
 ```
 
 Start the server again

diff --git a/docs/source/how-to/direct-client.md b/docs/source/how-to/direct-client.md
@@ -45,7 +45,7 @@ config = {
     "trees": [
         {
              "path": "/",
-             "tree": "tiled.examples.generated_minimal:tree",
+             "tree": {"type": "tiled.examples.generated_minimal:tree"},
         }
 }
 app = build_app_from_config(config)
@@ -56,7 +56,7 @@ client = from_context(context)
 From a configuration file:
 
 ```py
-config = parse_configs("path/to/config.yml")
+config: Settings = parse_config("path/to/config.yml")
 app = build_app_from_config(config)
 context = Context.from_app(app)
 client = from_context(context)

diff --git a/docs/source/how-to/profiles.md b/docs/source/how-to/profiles.md
@@ -171,8 +171,8 @@ my_profile:
   direct:
      trees:
        - path: /
-         tree: tiled.catalog:from_uri
-         args:
+         tree:
+           type: tiled.catalog:from_uri
            uri: "/path/to/catalog.db"
 ```
 
@@ -186,10 +186,10 @@ usual client-side configuration, such as
 my_profile:
   direct:
     trees:
-      - path: /
-        tree: tiled.catalog:from_uri
-        args:
-          directory: "/path/to/catalog.db"
+    - path: /
+      tree:
+        type: tiled.catalog:from_uri
+        directory: "/path/to/catalog.db"
   cache:
     capacity: 2_000_000_000 # 2 GB
 ```

diff --git a/docs/source/how-to/read-custom-formats.md b/docs/source/how-to/read-custom-formats.md
@@ -243,14 +243,14 @@ needed.
 ```yaml
 # config.yml
 trees:
-  - tree: catalog
-    path: /
-    args:
-      uri: ./catalog.db
-      readable_storage:
-        - path/to/directory
-      adapters_by_mimetype:
-        application/x-stuff: custom:read_custom_format
+- path: /
+  tree:
+    type: catalog
+    uri: ./catalog.db
+    readable_storage:
+      - path/to/directory
+    adapters_by_mimetype:
+      application/x-stuff: custom:read_custom_format
 ```
 
 We then use the configuration file like this:

diff --git a/docs/source/reference/authentication.md b/docs/source/reference/authentication.md
@@ -195,10 +195,9 @@ These are tuned, respectively, by the following configuration parameters,
 given in units of seconds. The default values are shown.
 
 ```yaml
-authentication:
-    refresh_token_max_age: 604800  # one week
-    session_max_age: 31536000  # 365 days
-    access_token_max_age: 900  # 15 minutes
+refresh_token_max_age: 604800  # one week
+session_max_age: 31536000  # 365 days
+access_token_max_age: 900  # 15 minutes
 ```
 
 and may also be set via the environment:
@@ -237,28 +236,25 @@ With ``python``:
 Apply it by including the configuration
 
 ```yaml
-authentication:
-    secret_keys:
-        - "SECRET"
+secret_keys:
+- "SECRET"
 ```
 
 or by setting the ``TILED_SECRET_KEYS`` environment variable.
 
 If you prefer, you can extract the keys from the environment like:
 
 ```yaml
-authentication:
-    secret_keys:
-        - "${SECRET}"  # will be replaced by the environment variable
+secret_keys:
+- "${SECRET}"  # will be replaced by the environment variable
 ```
 
 To rotate keys with a smooth transition, provide multiple keys
 
 ```yaml
-authentication:
-    secret_keys:
-        - "NEW_SECRET"
-        - "OLD_SECRET"
+secret_keys:
+- "NEW_SECRET"
+- "OLD_SECRET"
 ```
 
 or set ``TILED_SECRET_KEYS`` as a json list, e.g.

diff --git a/docs/source/reference/service.md b/docs/source/reference/service.md
@@ -115,8 +115,7 @@ See {doc}`../explanations/structures` for more context.
 .. autosummary::
    :toctree: generated
 
-   tiled.config.parse_configs
-   tiled.config.construct_build_app_kwargs
+   tiled.config.parse_config
 ```
 ## HTTP Server Application