@@ -720,13 +720,13 @@ You can configure Chroma to use authentication when in server/client mode only.
720720
721721Supported authentication methods:
722722
723- | Authentication Method | Basic Auth (Pre-emptive) |
724- | -----------------------| ---------------------------------------------------------------------------------------------------------------------------|
725- | Description | [ RFC 7617] ( https://www.rfc-editor.org/rfc/rfc7617 ) Basic Auth with ` user:password ` base64-encoded ` Authorization ` header. |
726- | Status | ` Alpha ` |
727- | Server-Side Support | ✅ ` Alpha ` |
728- | Client/Python | ✅ |
729- | Client/JS | ✅ |
723+ | Authentication Method | Basic Auth (Pre-emptive) | Static API Token |
724+ | -----------------------| ---------------------------------------------------------------------------------------------------------------------------| ----------------------------------------------------------------------------------------------- |
725+ | Description | [ RFC 7617] ( https://www.rfc-editor.org/rfc/rfc7617 ) Basic Auth with ` user:password ` base64-encoded ` Authorization ` header. | Static auth token in ` Authorization: Bearer <tokem> ` or in ` X-Chroma-Token: <token> ` headers. |
726+ | Status | ` Alpha ` | ` Alpha ` |
727+ | Server-Side Support | ✅ ` Alpha ` | ✅ ` Alpha ` |
728+ | Client/Python | ✅ | ✅ |
729+ | Client/JS | ✅ | ➖ |
730730
731731### Basic Authentication
732732
@@ -787,3 +787,58 @@ const client = new ChromaClient({auth: {provider: "basic", credentials: "admin:a
787787
788788</TabItem >
789789</Tabs >
790+
791+
792+ ### Static API Token Authentication
793+
794+ :::note Tokens
795+ Tokens must be alphanumeric ASCII strings. Tokens are case sensitive.
796+ :::
797+
798+ <Tabs queryString groupId =" lang " className =" hideTabSwitcher " >
799+ <TabItem value =" py " label =" Python " >
800+
801+ #### Server Setup
802+
803+ :::note Security Note
804+ Current implementation of static API token auth supports only ENV based tokens.
805+ :::
806+
807+ ##### Running the Server
808+
809+ Create a ` .chroma_env ` file with the following contents:
810+
811+ ``` ini title=".chroma_env"
812+ CHROMA_SERVER_AUTH_CREDENTIALS =" test-token"
813+ CHROMA_SERVER_AUTH_CREDENTIALS_PROVIDER =' chromadb.auth.token.TokenConfigServerAuthCredentialsProvider'
814+ CHROMA_SERVER_AUTH_PROVIDER =' chromadb.auth.token.TokenAuthServerProvider'
815+ ```
816+
817+ ``` bash
818+ docker-compose --env-file ./.chroma_env up -d --build
819+ ```
820+
821+ #### Client Setup
822+
823+ ``` python
824+ import chromadb
825+ from chromadb.config import Settings
826+
827+ client = chromadb.HttpClient(
828+ settings = Settings(chroma_client_auth_provider = " chromadb.auth.token.TokenAuthClientProvider"
829+ chroma_client_auth_credentials = " test-token"
830+ client.heartbeat() # this should work with or without authentication - it is a public endpoint
831+
832+ client.get_version() # this should work with or without authentication - it is a public endpoint
833+
834+ client.list_collections() # this is a protected endpoint and requires authentication
835+ ```
836+
837+ </TabItem >
838+ <TabItem value =" js " label =" JavaScript " >
839+
840+ :::info Not Available
841+ Authentication is not yet supported in JS
842+ :::
843+ </TabItem >
844+ </Tabs >
0 commit comments