[Core] Token Auth minor UX Improvements #58998
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 3 commits
November 26, 2025 09:42
Signed-off-by: sampan <sampan@anyscale.com>
Signed-off-by: sampan <sampan@anyscale.com>
sampan-s-nayak
commented
Nov 26, 2025
| try: | ||
| ensure_token_if_auth_enabled(system_config, create_token_if_missing=False) | ||
| except ray.exceptions.AuthenticationError: | ||
| raise RuntimeError( |
Contributor
Author
There was a problem hiding this comment.
@edoakes I removed this as this was throwing a nested stack trace:
ray start --head
Usage stats collection is enabled. To disable this, add `--disable-usage-stats` to the command that starts the cluster, or run the following command: `ray disable-usage-stats` before starting the cluster. See https://docs.ray.io/en/master/cluster/usage-stats.html for more details.
Local node IP: 172.31.5.49
Traceback (most recent call last):
File "/home/ubuntu/clone/ray/python/ray/scripts/scripts.py", line 946, in start
ensure_token_if_auth_enabled(system_config, create_token_if_missing=False)
File "/home/ubuntu/clone/ray/python/ray/_private/authentication/authentication_token_setup.py", line 101, in ensure_token_if_auth_enabled
raise AuthenticationError(
ray.exceptions.AuthenticationError: Token authentication is enabled but no authentication token was found.. Ensure that you have `RAY_AUTH_MODE=token` set and the token for the cluster is available as the `RAY_AUTH_TOKEN` environment variable or a local file. For more information, see: https://docs.ray.io/en/latest/ray-security/auth.html
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ubuntu/.conda/envs/ray-dev/bin/ray", line 7, in <module>
sys.exit(main())
File "/home/ubuntu/clone/ray/python/ray/scripts/scripts.py", line 2822, in main
return cli()
File "/home/ubuntu/.conda/envs/ray-dev/lib/python3.10/site-packages/click/core.py", line 1442, in __call__
return self.main(*args, **kwargs)
File "/home/ubuntu/.conda/envs/ray-dev/lib/python3.10/site-packages/click/core.py", line 1363, in main
rv = self.invoke(ctx)
File "/home/ubuntu/.conda/envs/ray-dev/lib/python3.10/site-packages/click/core.py", line 1830, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/ubuntu/.conda/envs/ray-dev/lib/python3.10/site-packages/click/core.py", line 1226, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/ubuntu/.conda/envs/ray-dev/lib/python3.10/site-packages/click/core.py", line 794, in invoke
return callback(*args, **kwargs)
File "/home/ubuntu/clone/ray/python/ray/autoscaler/_private/cli_logger.py", line 823, in wrapper
return f(*args, **kwargs)
File "/home/ubuntu/clone/ray/python/ray/scripts/scripts.py", line 948, in start
raise RuntimeError(
RuntimeError: Failed to load authentication token. To generate a token for local development, use `ray get-auth-token --generate`. For remote clusters, ensure that the token is propagated to all nodes of the cluster when token authentication is enabled.
I feel exposing the AuthenticationError to users may be better than catching and throwing a new runtime exception. please let me know your thoughts
Contributor
Author
There was a problem hiding this comment.
I have included the message from the runtime error in the AuthenticationError so the message will still be quite helpful
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces several valuable UX improvements for token authentication. The changes enhance error messages to be more informative, improve logging for token loading, and add crucial integration tests for the state API. The implementation is solid, and the new tests provide good coverage. I have a couple of minor suggestions to improve code style and robustness.
Signed-off-by: sampan <sampan@anyscale.com>
edoakes
approved these changes
Nov 26, 2025
SheldonTsen
pushed a commit
to SheldonTsen/ray
that referenced
this pull request
Dec 1, 2025
## Description - convert debug logs in authentication_token_loader to info so that users are aware of where the token being used is being loaded from - When we raise the `AuthenticationError`, if RAY_AUTH_MODE is not set to token we should explicitly print that in the error message - in error messages suggest storing tokens in filesystem instead of env - add state api tests in test_token_auth_integration.py --------- Signed-off-by: sampan <sampan@anyscale.com> Co-authored-by: sampan <sampan@anyscale.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
AuthenticationError, if RAY_AUTH_MODE is not set to token we should explicitly print that in the error message