Apr 14
Loading video player...
When you deploy an agent on LangSmith, you get a full agent server with 30+ API endpoints out of the box — threads, runs, assistants, a built-in store, A2A and MCP protocol support. But by default, everything is scoped to the API key. Any user can see every thread, every conversation. In this video, I show you how to add custom authentication to your deployment so that every user gets their own scoped threads, runs, and conversation history — enforced by the deployment itself. We'll use Supabase for auth, but you can plug in any provider (Auth0, Clerk, etc.). What we cover: - Why multi-tenancy matters for deployed agents - The auth.authenticate handler — validating tokens from your auth provider - The auth.on handler — automatically scoping resources per user - Permission-based access — restricting actions by role (e.g., only admins can create crons) - A full live demo with two users on the same deployment The entire auth layer is about 40 lines of Python — three decorators, no custom middleware. Links: - Repo: https://github.com/langchain-samples/lsd-custom-route-react-ui - LangSmith Deployments docs: https://docs.langchain.com/langsmith/deployments - Custom auth docs: https://docs.langchain.com/langsmith/auth - Supabase: https://supabase.com Chapters: 00:00 Intro 00:20 Agent Server with Basic Auth 02:38 Custom Authentication 03:28 Implementing Multi-Tenant Auth 09:48 Testing Locally 10:41 Deploying on LangSmith Deployment 12:15 Multi-Tenant Demo