curl http://adb83896cdc8d45df833bb48ee424179-1487540750.us-east-1.elb.amazonaws.com:80/v1/meta -H “Authorization: Bearer secret1” | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 124 100 124 0 0 576 0 --:–:-- --:–:-- --:–:-- 579
{
“code”: 401,
“message”: “oidc auth is not configured, please try another auth scheme or set up weaviate with OIDC configured”
}
Hi!
Can you share the environment variables you have?
You probably have it misconfigured.
check here for references:
Thanks!
authentication:
anonymous_access:
enabled: false
This configuration allows to add API keys to Weaviate. This configuration allows only
plain text API Keys, if you want to store the API Keys in a Kubernetes secret you can
configure the same configuration with ENV Vars. Read the env section below on what
needs to be configured. If using ENV Vars over this make sure to comment out the whole
#apikey section (as it is by default). ENV Vars has priority over this config.
apikey:
enabled: true
# Any number of allowed API Keys as plain text
allowed_keys:
- readOnly-API-Key
- admin-API-Key
# You can either set a single user for all the listed Allowed API keys OR
# one user per API Key, i.e. length(apikey.allowed_keys) == length(apikey.users) OR
# length(apikey.users) == 1
# NOTE: Make sure the lister Users are added to the Authorization as well.
users:
- suknanda
- nkhaja
oidc:
enabled: false
# issuer: ‘’
# username_claim: ‘’
# groups_claim: ‘’
# client_id: ‘’
authorization:
admin_list:
enabled: true
users:
- suknanda
# - admin_user2
# - api-key-user-admin
read_only_users:
- nkhaja
# - readonly_user2
# - api-key-user-readOnly
##########################
API Keys with ENV Vars
##########################
If using ENV Vars to set up API Keys make sure to have authentication.apikey block commented out
to avoid any future changes. ENV Vars has priority over the config above authentication.apikey.
If using authentication.apikey the below ENV Vars will be used because they have priority,
so comment them out to avoid any future changes.
Enables API key authentication. If it is set to ‘false’ the AUTHENTICATION_APIKEY_ALLOWED_KEYS
and AUTHENTICATION_APIKEY_USERS will not have any effect.
AUTHENTICATION_APIKEY_ENABLED: ‘true’
List one or more keys, separated by commas. Each key corresponds to a specific user identity below.
If you want to use a kubernetes secret for the API Keys comment out this Variable and use the one in envSecrets below
AUTHENTICATION_APIKEY_ALLOWED_KEYS: ‘jane-secret-key,ian-secret-key’ (plain text)
AUTHENTICATION_APIKEY_ALLOWED_KEYS: ‘secret1,secret2’
List one or more user identities, separated by commas. You can have only one User for all the keys or one user per key.
The User/s can be a simple name or an email, no matter if it exists or not.
NOTE: Make sure to add the users to the authorization above overwise they will not be allowed to interact with Weaviate.
AUTHENTICATION_APIKEY_USERS: ‘jane@doe.com,ian-smith’
AUTHENTICATION_APIKEY_USERS: ‘suknanda,nkhaja’
AUTHORIZATION_ADMINLIST_ENABLED: ‘true’
AUTHORIZATION_ADMINLIST_USERS: ‘suknanda,nkhaja’
AUTHORIZATION_ADMINLIST_READONLY_USERS: ‘nkhaja1’
AUTHENTICATION_OIDC_ISSUER: “https://auth.wcs.api.weaviate.io/auth/realms/SeMI”
AUTHENTICATION_OIDC_ENABLED: ‘true’
AUTHENTICATION_OIDC_CLIENT_ID: ‘wcs’
AUTHENTICATION_OIDC_USERNAME_CLAIM: ‘email’
hi, not sure I understood.
Are you using k8s or docker compose?
We have been using EKS on aws.
Do you want to use OIDC?
Have you tried commenting out those:
AUTHENTICATION_OIDC_ISSUER: “https://auth.wcs.api.weaviate.io/auth/realms/SeMI”
AUTHENTICATION_OIDC_ENABLED: ‘true’
AUTHENTICATION_OIDC_CLIENT_ID: ‘wcs’
AUTHENTICATION_OIDC_USERNAME_CLAIM: ‘email’
?
Latest values.yaml :
##########################
API Keys with ENV Vars
##########################
If using ENV Vars to set up API Keys make sure to have authentication.apikey block commented out
to avoid any future changes. ENV Vars has priority over the config above authentication.apikey.
If using authentication.apikey the below ENV Vars will be used because they have priority,
so comment them out to avoid any future changes.
Enables API key authentication. If it is set to ‘false’ the AUTHENTICATION_APIKEY_ALLOWED_KEYS
and AUTHENTICATION_APIKEY_USERS will not have any effect.
AUTHENTICATION_APIKEY_ENABLED: ‘true’
List one or more keys, separated by commas. Each key corresponds to a specific user identity below.
If you want to use a kubernetes secret for the API Keys comment out this Variable and use the one in envSecrets below
AUTHENTICATION_APIKEY_ALLOWED_KEYS: ‘jane-secret-key,ian-secret-key’ (plain text)
AUTHENTICATION_APIKEY_ALLOWED_KEYS: ‘secret1,secret2’
List one or more user identities, separated by commas. You can have only one User for all the keys or one user per key.
The User/s can be a simple name or an email, no matter if it exists or not.
NOTE: Make sure to add the users to the authorization above overwise they will not be allowed to interact with Weaviate.
AUTHENTICATION_APIKEY_USERS: ‘jane@doe.com,ian-smith’
AUTHENTICATION_APIKEY_USERS: ‘suknanda,nkhaja’
AUTHORIZATION_ADMINLIST_ENABLED: ‘true’
AUTHORIZATION_ADMINLIST_USERS: ‘suknanda,nkhaja’
AUTHORIZATION_ADMINLIST_READONLY_USERS: ‘nkhaja1’
authentication:
anonymous_access:
enabled: false
apikey:
enabled: true
# Any number of allowed API Keys as plain text
allowed_keys:
- adminkey
# You can either set a single user for all the listed Allowed API keys OR
# one user per API Key, i.e. length(apikey.allowed_keys) == length(apikey.users) OR
# length(apikey.users) == 1
# NOTE: Make sure the lister Users are added to the Authorization as well.
users:
- suknanda
- nkhaja
oidc:
enabled: false
#issuer: ‘’
#username_claim: ‘’
#groups_claim: ‘’
#client_id: ‘’
authorization:
admin_list:
enabled: true
users:
- suknanda
# - admin_user2
# - api-key-user-admin
read_only_users:
- nkhaja
# - readonly_user2
# - api-key-user-readOnly
Validation script
$ cat auth2.py
import weaviate
The URL to your Weaviate instance
weaviate_url = “http://adb83896cdc8d45df833bb48ee424179-1487540750.us-east-1.elb.amazonaws.com:80”
API keys
#admin_api_key = “adminkey” # Make sure this matches an allowed key from your config
admin_api_key = “secret1” # Make sure this matches an allowed key from your config
Create admin client
admin_client = weaviate.Client(url=weaviate_url,auth_api_key=(admin_api_key,“”)) # Use the correct parameter for the API key
Get and print the status of the cluster nodes
try:
nodes_status = admin_client.cluster.get_nodes_status()
print(nodes_status)
except weaviate.exceptions.UnexpectedStatusCodeError as e:
print(f"Authorization failed: {e}")
$ python auth2.py
Traceback (most recent call last):
File “C:\Users\suknanda\terraform\eks\weaviate\auth2.py”, line 11, in
admin_client = weaviate.Client(url=weaviate_url,auth_api_key=(admin_api_key,“”)) # Use the correct parameter for the API key
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: Client.init() got an unexpected keyword argument ‘auth_api_key’
Hi! can you try using the new python version? This is how you can do it with it:
You are using the python v3, and this is how you should initialize it:
for instance:
import weaviate
auth_config = weaviate.auth.AuthApiKey(api_key="YOUR-WEAVIATE-API-KEY") # Replace with your Weaviate instance API key
# Instantiate the client with the auth config
client = weaviate.Client(
url="https://WEAVIATE_INSTANCE_URL", # Replace with your Weaviate endpoint
auth_client_secret=auth_config
)