@uipath/auth 1.195.0 → 1.196.0

package/dist/authContext.d.ts

@@ -1,3 +1,4 @@
+import { type GetLoginStatusOptions, type LoginStatus } from "./loginStatus";
 export interface AuthContext {
     baseUrl: string;
     accessToken: string;
@@ -13,5 +14,26 @@ export interface GetAuthContextOptions {
     requireOrganizationName?: boolean;
     requireTenantId?: boolean;
     requireTenantName?: boolean;
+    /**
+     * Resolve credentials from this exact `.uipath/.auth` path instead of the
+     * default cwd→ancestors→home walk-up. Lets an in-process host (e.g. the VS
+     * Code extension) pin auth to a specific file — the same `envFilePath`
+     * {@link getLoginStatusAsync} already accepts — so concurrent operations
+     * against different credential files don't cross-contaminate.
+     */
+    envFilePath?: string;
 }
 export declare const getAuthContext: (options?: GetAuthContextOptions) => Promise<AuthContext>;
+export interface AuthEnvResult {
+    /** UiPath credential env vars to merge into a subprocess env. Empty when not logged in. */
+    authEnv: Record<string, string>;
+    /** The login status used to build {@link authEnv}, or undefined when it could not be read. */
+    loginStatus?: LoginStatus;
+}
+/**
+ * Build UiPath credential env vars from the live `uip login` status, for
+ * injecting into a spawned process. The token is refreshed so the child gets
+ * a valid bearer token, not a stale one off disk. Never throws: returns an
+ * empty `authEnv` when there is no usable login.
+ */
+export declare const getAuthEnv: (options?: GetLoginStatusOptions) => Promise<AuthEnvResult>;

package/dist/index.browser.js

@@ -328,11 +328,11 @@ var parseResourceUrl = (url) => {
   if (error || !parsed)
     return;
   const segments = parsed.pathname.split("/").filter(Boolean);
-  const organizationName = segments[0];
-  const tenantName = segments[1];
-  if (!organizationName || !tenantName)
-    return;
-  return { baseUrl: parsed.origin, organizationName, tenantName };
+  return {
+    baseUrl: parsed.origin,
+    organizationName: segments[0],
+    tenantName: segments[1]
+  };
 };
 var defaultLoadModule = async () => {
   const [error, mod] = await catchError(() => import("@uipath/robot-client"));
@@ -383,6 +383,7 @@ var tryRobotClientFallback = async (options = {}) => {
     }
     let organizationIdFromToken;
     let tenantIdFromToken;
+    let issuerFromToken;
     const [jwtError, claims] = catchError(() => parseJWT(accessToken));
     if (!jwtError && claims) {
       const rawOrgId = claims.prtId ?? claims.organizationId ?? claims.prt_id;
@@ -393,6 +394,10 @@ var tryRobotClientFallback = async (options = {}) => {
       if (typeof tenantClaim === "string" && tenantClaim.length > 0) {
         tenantIdFromToken = tenantClaim;
       }
+      const issClaim = claims.iss;
+      if (typeof issClaim === "string" && issClaim.length > 0) {
+        issuerFromToken = issClaim;
+      }
     }
     printNoticeOnce();
     return {
@@ -401,7 +406,8 @@ var tryRobotClientFallback = async (options = {}) => {
       organizationName: parsedUrl.organizationName,
       organizationId: organizationIdFromToken ?? parsedUrl.organizationName,
       tenantName: parsedUrl.tenantName,
-      tenantId: tenantIdFromToken
+      tenantId: tenantIdFromToken,
+      issuer: issuerFromToken
     };
   } catch {
     return;
@@ -503,7 +509,7 @@ var probeAsync = async (fs, candidate) => {
     };
   }
 };
-var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) => {
+var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME, opts) => {
   const fs = getFileSystem2();
   if (fs.path.isAbsolute(envFilePath)) {
     const probe2 = await probeAsync(fs, envFilePath);
@@ -514,7 +520,7 @@ var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) =>
       ...probe2.unusable ? { unusable: probe2.unusable } : {}
     };
   }
-  const cwd = fs.env.cwd();
+  const cwd = opts?.cwd ?? fs.env.cwd();
   let searchDir = cwd;
   while (true) {
     const candidate = fs.path.join(searchDir, envFilePath);
@@ -544,8 +550,8 @@ var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) =>
     ...probe.unusable ? { unusable: probe.unusable } : {}
   };
 };
-var resolveEnvFilePathAsync = async (envFilePath = DEFAULT_ENV_FILENAME) => {
-  const location = await resolveEnvFileLocationAsync(envFilePath);
+var resolveEnvFilePathAsync = async (envFilePath = DEFAULT_ENV_FILENAME, opts) => {
+  const location = await resolveEnvFileLocationAsync(envFilePath, opts);
   if (location.exists) {
     return { absolutePath: location.absolutePath };
   }
@@ -782,6 +788,7 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
       organizationId: robotCreds.organizationId,
       tenantName: robotCreds.tenantName,
       tenantId: robotCreds.tenantId,
+      issuer: robotCreds.issuer,
       expiration: expiration2,
       source: "robot" /* Robot */
     };
@@ -803,6 +810,7 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
         organizationId: robotCreds.organizationId,
         tenantName: robotCreds.tenantName,
         tenantId: robotCreds.tenantId,
+        issuer: robotCreds.issuer,
         expiration: expiration2,
         source: "robot" /* Robot */
       };
@@ -960,7 +968,8 @@ var getLoginStatusAsync = async (options = {}) => {
 // src/authContext.ts
 var getAuthContext = async (options = {}) => {
   const status = await getLoginStatusAsync({
-    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes
+    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes,
+    envFilePath: options.envFilePath
   });
   if (status.loginStatus !== "Logged in" || !status.baseUrl || !status.accessToken) {
     throw new Error(status.hint ? `Not logged in. ${status.hint}` : "Not logged in. Run 'uip login' first.");
@@ -987,6 +996,34 @@ var getAuthContext = async (options = {}) => {
     tenantName
   };
 };
+var getAuthEnv = async (options = {}) => {
+  const authEnv = {};
+  let status;
+  try {
+    status = await getLoginStatusAsync(options);
+  } catch {
+    return { authEnv };
+  }
+  if (status.loginStatus === "Logged in" && status.accessToken) {
+    authEnv.UIPATH_ACCESS_TOKEN = status.accessToken;
+    if (status.baseUrl) {
+      const org = status.organizationName || status.organizationId;
+      const tenant = status.tenantName || status.tenantId;
+      if (org && tenant) {
+        authEnv.UIPATH_URL = `${status.baseUrl.replace(/\/+$/, "")}/${org}/${tenant}`;
+      }
+    }
+    if (status.organizationId)
+      authEnv.UIPATH_ORGANIZATION_ID = status.organizationId;
+    if (status.organizationName)
+      authEnv.UIPATH_ORGANIZATION_NAME = status.organizationName;
+    if (status.tenantId)
+      authEnv.UIPATH_TENANT_ID = status.tenantId;
+    if (status.tenantName)
+      authEnv.UIPATH_TENANT_NAME = status.tenantName;
+  }
+  return { authEnv, loginStatus: status };
+};
 // src/clientCredentials.ts
 var clientCredentialsLogin = async ({
   clientId,
@@ -1116,6 +1153,7 @@ export {
   isBrowser,
   getLoginStatusWithDeps,
   getLoginStatusAsync,
+  getAuthEnv,
   getAuthContext,
   fetchTenantsAndOrganizations,
   clientCredentialsLogin,

package/dist/index.d.ts

@@ -20,8 +20,11 @@ interface AuthenticateOptions {
     redirectUri?: URL;
     scope?: string[];
     organization?: string;
+    /** Max ms to wait for the browser callback; forwarded to the strategy's
+     *  local callback server. Defaults to the server's 5-min cap. */
+    timeoutMs?: number;
 }
-export declare const authenticate: ({ baseUrl, clientId, clientSecret, redirectUri, scope, organization, }: AuthenticateOptions) => Promise<{
+export declare const authenticate: ({ baseUrl, clientId, clientSecret, redirectUri, scope, organization, timeoutMs, }: AuthenticateOptions) => Promise<{
     accessToken: string;
     refreshToken: string;
 }>;

package/dist/index.js

@@ -19405,7 +19405,7 @@ __export(exports_browser_strategy, {
 });
 
 class BrowserAuthStrategy {
-  async execute(url, _redirectUri, expectedState) {
+  async execute(url, _redirectUri, expectedState, _opts) {
     const global2 = getGlobalThis();
     if (!global2?.window) {
       throw new Error("Browser environment required for authentication");
@@ -19480,10 +19480,11 @@ __export(exports_node_strategy, {
 });
 
 class NodeAuthStrategy {
-  async execute(url, redirectUri, expectedState) {
+  async execute(url, redirectUri, expectedState, opts) {
     const fs7 = getFileSystem();
     const callbackUrl = await startServer({
       redirectUri,
+      timeoutMs: opts?.timeoutMs,
       onListening: async () => {
         let safeUrl = "";
         for (const ch of url) {
@@ -20438,11 +20439,11 @@ var parseResourceUrl = (url) => {
   if (error || !parsed)
     return;
   const segments = parsed.pathname.split("/").filter(Boolean);
-  const organizationName = segments[0];
-  const tenantName = segments[1];
-  if (!organizationName || !tenantName)
-    return;
-  return { baseUrl: parsed.origin, organizationName, tenantName };
+  return {
+    baseUrl: parsed.origin,
+    organizationName: segments[0],
+    tenantName: segments[1]
+  };
 };
 var defaultLoadModule = async () => {
   const [error, mod] = await catchError(() => Promise.resolve().then(() => __toESM(require_dist(), 1)));
@@ -20493,6 +20494,7 @@ var tryRobotClientFallback = async (options = {}) => {
     }
     let organizationIdFromToken;
     let tenantIdFromToken;
+    let issuerFromToken;
     const [jwtError, claims] = catchError(() => parseJWT(accessToken));
     if (!jwtError && claims) {
       const rawOrgId = claims.prtId ?? claims.organizationId ?? claims.prt_id;
@@ -20503,6 +20505,10 @@ var tryRobotClientFallback = async (options = {}) => {
       if (typeof tenantClaim === "string" && tenantClaim.length > 0) {
         tenantIdFromToken = tenantClaim;
       }
+      const issClaim = claims.iss;
+      if (typeof issClaim === "string" && issClaim.length > 0) {
+        issuerFromToken = issClaim;
+      }
     }
     printNoticeOnce();
     return {
@@ -20511,7 +20517,8 @@ var tryRobotClientFallback = async (options = {}) => {
       organizationName: parsedUrl.organizationName,
       organizationId: organizationIdFromToken ?? parsedUrl.organizationName,
       tenantName: parsedUrl.tenantName,
-      tenantId: tenantIdFromToken
+      tenantId: tenantIdFromToken,
+      issuer: issuerFromToken
     };
   } catch {
     return;
@@ -20614,7 +20621,7 @@ var probeAsync = async (fs7, candidate) => {
     };
   }
 };
-var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) => {
+var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME, opts) => {
   const fs7 = getFileSystem();
   if (fs7.path.isAbsolute(envFilePath)) {
     const probe2 = await probeAsync(fs7, envFilePath);
@@ -20625,7 +20632,7 @@ var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) =>
       ...probe2.unusable ? { unusable: probe2.unusable } : {}
     };
   }
-  const cwd = fs7.env.cwd();
+  const cwd = opts?.cwd ?? fs7.env.cwd();
   let searchDir = cwd;
   while (true) {
     const candidate = fs7.path.join(searchDir, envFilePath);
@@ -20655,8 +20662,8 @@ var resolveEnvFileLocationAsync = async (envFilePath = DEFAULT_ENV_FILENAME) =>
     ...probe.unusable ? { unusable: probe.unusable } : {}
   };
 };
-var resolveEnvFilePathAsync = async (envFilePath = DEFAULT_ENV_FILENAME) => {
-  const location = await resolveEnvFileLocationAsync(envFilePath);
+var resolveEnvFilePathAsync = async (envFilePath = DEFAULT_ENV_FILENAME, opts) => {
+  const location = await resolveEnvFileLocationAsync(envFilePath, opts);
   if (location.exists) {
     return { absolutePath: location.absolutePath };
   }
@@ -20893,6 +20900,7 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
       organizationId: robotCreds.organizationId,
       tenantName: robotCreds.tenantName,
       tenantId: robotCreds.tenantId,
+      issuer: robotCreds.issuer,
       expiration: expiration2,
       source: "robot" /* Robot */
     };
@@ -20914,6 +20922,7 @@ var getLoginStatusWithDeps = async (options = {}, deps = {}) => {
         organizationId: robotCreds.organizationId,
         tenantName: robotCreds.tenantName,
         tenantId: robotCreds.tenantId,
+        issuer: robotCreds.issuer,
         expiration: expiration2,
         source: "robot" /* Robot */
       };
@@ -21071,7 +21080,8 @@ var getLoginStatusAsync = async (options = {}) => {
 // src/authContext.ts
 var getAuthContext = async (options = {}) => {
   const status = await getLoginStatusAsync({
-    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes
+    ensureTokenValidityMinutes: options.ensureTokenValidityMinutes,
+    envFilePath: options.envFilePath
   });
   if (status.loginStatus !== "Logged in" || !status.baseUrl || !status.accessToken) {
     throw new Error(status.hint ? `Not logged in. ${status.hint}` : "Not logged in. Run 'uip login' first.");
@@ -21098,6 +21108,34 @@ var getAuthContext = async (options = {}) => {
     tenantName
   };
 };
+var getAuthEnv = async (options = {}) => {
+  const authEnv = {};
+  let status;
+  try {
+    status = await getLoginStatusAsync(options);
+  } catch {
+    return { authEnv };
+  }
+  if (status.loginStatus === "Logged in" && status.accessToken) {
+    authEnv.UIPATH_ACCESS_TOKEN = status.accessToken;
+    if (status.baseUrl) {
+      const org = status.organizationName || status.organizationId;
+      const tenant = status.tenantName || status.tenantId;
+      if (org && tenant) {
+        authEnv.UIPATH_URL = `${status.baseUrl.replace(/\/+$/, "")}/${org}/${tenant}`;
+      }
+    }
+    if (status.organizationId)
+      authEnv.UIPATH_ORGANIZATION_ID = status.organizationId;
+    if (status.organizationName)
+      authEnv.UIPATH_ORGANIZATION_NAME = status.organizationName;
+    if (status.tenantId)
+      authEnv.UIPATH_TENANT_ID = status.tenantId;
+    if (status.tenantName)
+      authEnv.UIPATH_TENANT_NAME = status.tenantName;
+  }
+  return { authEnv, loginStatus: status };
+};
 // src/clientCredentials.ts
 var clientCredentialsLogin = async ({
   clientId,
@@ -21234,7 +21272,8 @@ var interactiveLoginWithDeps = async (options, deps) => {
     tenant,
     organization,
     interactive,
-    onEvent
+    onEvent,
+    timeoutMs
   } = options;
   const emit = (event) => {
     if (!onEvent)
@@ -21262,7 +21301,8 @@ var interactiveLoginWithDeps = async (options, deps) => {
       clientId,
       clientSecret,
       scope,
-      organization
+      organization,
+      timeoutMs
     });
     return {
       UIPATH_ACCESS_TOKEN: authTokens.accessToken,
@@ -21405,7 +21445,8 @@ var authenticate = async ({
   clientSecret,
   redirectUri,
   scope,
-  organization
+  organization,
+  timeoutMs
 }) => {
   const config = await resolveConfigAsync({
     customAuthority: baseUrl,
@@ -21455,7 +21496,7 @@ var authenticate = async ({
     const { NodeAuthStrategy: NodeAuthStrategy2 } = await Promise.resolve().then(() => (init_node_strategy(), exports_node_strategy));
     strategy = new NodeAuthStrategy2;
   }
-  const code = await strategy.execute(authUrl, effectiveRedirectUriUrl, state);
+  const code = await strategy.execute(authUrl, effectiveRedirectUriUrl, state, { timeoutMs });
   return await exchangeCodeForTokens({
     code,
     codeVerifier: code_verifier,
@@ -21486,6 +21527,7 @@ export {
   interactiveLogin,
   getLoginStatusWithDeps,
   getLoginStatusAsync,
+  getAuthEnv,
   getAuthContext,
   fetchTenantsAndOrganizations,
   clientCredentialsLogin,

package/dist/interactive.d.ts

@@ -42,6 +42,15 @@ interface InteractiveLoginOptions {
     selectFromList?: SelectFromList;
     /** Optional subscriber for user-facing progress events. */
     onEvent?: (event: InteractiveLoginEvent) => void;
+    /**
+     * Max ms to wait for the browser callback before the local server closes
+     * itself and the login rejects with `AUTH_TIMEOUT_ERROR_CODE`. Lets an
+     * in-process host (e.g. the VS Code extension) bound a stuck login and
+     * free the callback port — parity with the CLI killing its `uip`
+     * subprocess on timeout. Defaults to the server's 5-min cap. Only the
+     * authorization-code (browser) path uses it.
+     */
+    timeoutMs?: number;
 }
 export interface InteractiveLoginDependencies {
     resolveConfig?: typeof resolveConfigAsync;

package/dist/loginStatus.d.ts

@@ -27,6 +27,13 @@ export interface LoginStatus {
     organizationId?: string;
     tenantName?: string;
     tenantId?: string;
+    /**
+     * Identity authority derived from the access token's `iss` claim.
+     * Authoritative for both cloud (`…/identity_`) and on-prem (`…/identity`),
+     * so consumers should build identity URLs from this rather than hardcoding
+     * the gateway path. Currently populated only on the Robot-borrow path.
+     */
+    issuer?: string;
     expiration?: Date;
     hint?: string;
     source?: LoginStatusSource;

package/dist/robotClientFallback.d.ts

@@ -21,10 +21,11 @@ interface RobotClientModule {
 export interface RobotClientFallbackResult {
     accessToken: string;
     baseUrl: string;
-    organizationName: string;
-    organizationId: string;
-    tenantName: string;
+    organizationName?: string;
+    organizationId?: string;
+    tenantName?: string;
     tenantId?: string;
+    issuer?: string;
 }
 export interface RobotClientFallbackOptions {
     timeoutMs?: number;

package/dist/strategies/auth-strategy.d.ts

@@ -1,3 +1,7 @@
 export interface IAuthStrategy {
-    execute(url: string, redirectUri: URL, expectedState: string): Promise<string>;
+    execute(url: string, redirectUri: URL, expectedState: string, 
+    /** Optional controls; `timeoutMs` bounds the wait for the callback. */
+    opts?: {
+        timeoutMs?: number;
+    }): Promise<string>;
 }

package/dist/strategies/browser-strategy.d.ts

@@ -1,4 +1,6 @@
 import type { IAuthStrategy } from "./auth-strategy";
 export declare class BrowserAuthStrategy implements IAuthStrategy {
-    execute(url: string, _redirectUri: URL, expectedState: string): Promise<string>;
+    execute(url: string, _redirectUri: URL, expectedState: string, _opts?: {
+        timeoutMs?: number;
+    }): Promise<string>;
 }

package/dist/strategies/node-strategy.d.ts

@@ -1,4 +1,6 @@
 import type { IAuthStrategy } from "./auth-strategy";
 export declare class NodeAuthStrategy implements IAuthStrategy {
-    execute(url: string, redirectUri: URL, expectedState: string): Promise<string>;
+    execute(url: string, redirectUri: URL, expectedState: string, opts?: {
+        timeoutMs?: number;
+    }): Promise<string>;
 }

package/dist/utils/envFile.d.ts

@@ -74,7 +74,9 @@ export type EnvFileLocation = {
  * "not found" and the search continues; only the final candidate (the
  * one actually returned) carries the `unusable` block.
  */
-export declare const resolveEnvFileLocationAsync: (envFilePath?: string) => Promise<EnvFileLocation>;
+export declare const resolveEnvFileLocationAsync: (envFilePath?: string, opts?: {
+    cwd?: string;
+}) => Promise<EnvFileLocation>;
 /**
  * Resolve the absolute path to an environment file, returning an
  * `errorMessage` if no existing usable file was found. Delegates the
@@ -83,8 +85,11 @@ export declare const resolveEnvFileLocationAsync: (envFilePath?: string) => Prom
  * semantics including the unreadable-vs-missing distinction.
  *
  * @param envFilePath - Path to the credentials file (defaults to ".uipath/.auth")
+ * @param opts.cwd - Directory to start the relative-path walk-up from (defaults to the process cwd)
  */
-export declare const resolveEnvFilePathAsync: (envFilePath?: string) => Promise<ResolveEnvFilePathResult>;
+export declare const resolveEnvFilePathAsync: (envFilePath?: string, opts?: {
+    cwd?: string;
+}) => Promise<ResolveEnvFilePathResult>;
 /**
  * Load environment variables from a credentials file
  * @param envPath - Path to the credentials file (relative to cwd or absolute)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@uipath/auth",
   "license": "MIT",
-  "version": "1.195.0",
+  "version": "1.196.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/UiPath/cli.git",
@@ -37,5 +37,5 @@
     "mihaigirleanu",
     "vlad-uipath"
   ],
-  "gitHead": "65fabb84552758b2710d8ca68470e70a9b1d19bc"
+  "gitHead": "94d71f9c52214980a1f0ae62b3f5372095788553"
 }