Custom Authentication and Access Control for LangGraph Platform

LangGraph Cloud and self-hosted environments now support custom authentication and resource-level access control, allowing developers to integrate their own auth providers and implement granular access patterns directly in their LangGraph applications. This feature enables teams to validate credentials using their own auth systems, scope conversations to specific users, add OAuth support for end-user authentication, and implement role-based access control (RBAC). The system centers around the Auth object, which provides two key capabilities: authentication and authorization. With authentication alone, non-credentialed requests are rejected, while authenticated users can access all resources until resource ownership is introduced through authorization handlers. Authorization event handlers have three main jobs: add metadata to resources being created, return filters for resource access, and reject requests from unauthorized users. To use custom auth, developers need to add an auth configuration to their langgraph.json file, pointing to the auth variable name and path in their app deployment. This feature is currently available for Python deployments only, with support for JavaScript deployments coming soon.