npm - @uipath/auth - Versions diffs - 1.196.0 → 1.197.0-preview.59 - Mend

@uipath/auth 1.196.0 → 1.197.0-preview.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/authProfile.d.ts +11 -0
package/dist/clientCredentials.d.ts +4 -0
package/dist/envAuth.d.ts +1 -1
package/dist/index.browser.d.ts +1 -0
package/dist/index.browser.js +18688 -243
package/dist/index.d.ts +11 -2
package/dist/index.js +648 -248
package/dist/interactive.d.ts +11 -0
package/dist/loginStatus.d.ts +14 -5
package/dist/logout.d.ts +4 -0
package/dist/refreshCircuitBreaker.d.ts +42 -0
package/dist/selectTenant.d.ts +35 -0
package/dist/strategies/auth-strategy.d.ts +16 -5
package/dist/strategies/node-strategy.d.ts +2 -4
package/package.json +2 -2

package/dist/interactive.d.ts CHANGED Viewed

@@ -24,6 +24,9 @@ export type InteractiveLoginEvent = {
 } | {
     type: "tenant-fetch-failed";
     message: string;
+} | {
+    type: "auth-url";
+    url: string;
 };
 interface InteractiveLoginOptions {
     envFilePath?: string;
@@ -51,6 +54,14 @@ interface InteractiveLoginOptions {
      * authorization-code (browser) path uses it.
      */
     timeoutMs?: number;
+    /**
+     * Headless / automation-driven login: skip launching the system browser
+     * on the authorization-code path. The authorize URL is surfaced via an
+     * `auth-url` event so an external automation can open it; the existing
+     * local callback still completes the flow. No effect with `clientSecret`
+     * (client-credentials opens no browser).
+     */
+    noBrowser?: boolean;
 }
 export interface InteractiveLoginDependencies {
     resolveConfig?: typeof resolveConfigAsync;

package/dist/loginStatus.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { getFileSystem } from "@uipath/filesystem";
 import { resolveConfigAsync } from "./config";
+import { clearRefreshBreaker, loadRefreshBreaker, saveRefreshBreaker } from "./refreshCircuitBreaker";
 import { tryRobotClientFallback } from "./robotClientFallback";
 import { refreshAccessToken } from "./tokenRefresh";
 import { loadEnvFileAsync, resolveEnvFilePathAsync, saveEnvFileAsync } from "./utils/envFile";
@@ -11,7 +12,8 @@ import { loadEnvFileAsync, resolveEnvFilePathAsync, saveEnvFileAsync } from "./u
 export type LoginStatusValue = "Logged in" | "Not logged in" | "Expired" | "Refresh Failed";
 export declare enum LoginStatusSource {
     File = "file",
-    Robot = "robot"
+    Robot = "robot",
+    Env = "env"
 }
 export interface TokenRefreshTelemetry {
     attempted: boolean;
@@ -53,6 +55,10 @@ export interface LoginStatus {
      */
     lockReleaseFailed?: boolean;
     tokenRefresh?: TokenRefreshTelemetry;
+    /** Refresh was short-circuited by the breaker; no IdP call was made. */
+    refreshCircuitOpen?: boolean;
+    /** Suppress the duplicate `uip.error` telemetry; still show the error. */
+    refreshTelemetrySuppressed?: boolean;
 }
 export interface GetLoginStatusOptions {
     envFilePath?: string;
@@ -66,11 +72,10 @@ export interface LoginStatusDependencies {
     refreshToken?: typeof refreshAccessToken;
     resolveConfig?: typeof resolveConfigAsync;
     robotFallback?: typeof tryRobotClientFallback;
+    loadBreaker?: typeof loadRefreshBreaker;
+    saveBreaker?: typeof saveRefreshBreaker;
+    clearBreaker?: typeof clearRefreshBreaker;
 }
-/**
- * Get the current login status by reading credentials from the credentials file (with DI for testing)
- */
-export declare const getLoginStatusWithDeps: (options?: GetLoginStatusOptions, deps?: LoginStatusDependencies) => Promise<LoginStatus>;
 /**
  * Get the current login status by reading credentials from the credentials file
  * @param envFilePath - Path to the credentials file (defaults to ".uipath/.auth")
@@ -78,3 +83,7 @@ export declare const getLoginStatusWithDeps: (options?: GetLoginStatusOptions, d
  * @returns LoginStatus object with authentication information
  */
 export declare const getLoginStatusAsync: (options?: GetLoginStatusOptions) => Promise<LoginStatus>;
+/**
+ * Get the current login status by reading credentials from the credentials file (with DI for testing)
+ */
+export declare const getLoginStatusWithDeps: (options?: GetLoginStatusOptions, deps?: LoginStatusDependencies) => Promise<LoginStatus>;

package/dist/logout.d.ts CHANGED Viewed

@@ -1,4 +1,6 @@
 import { getFileSystem } from "@uipath/filesystem";
+import { getActiveAuthProfileFilePath } from "./authProfile";
+import { clearRefreshBreaker } from "./refreshCircuitBreaker";
 import { resolveEnvFilePathAsync } from "./utils/envFile";
 export interface LogoutOptions {
     file?: string;
@@ -22,6 +24,8 @@ export interface LogoutFileSystem {
 export interface LogoutDependencies {
     resolveEnvFilePath?: typeof resolveEnvFilePathAsync;
     getFileSystem?: typeof getFileSystem;
+    clearBreaker?: typeof clearRefreshBreaker;
+    getActiveProfileFilePath?: typeof getActiveAuthProfileFilePath;
 }
 /**
  * Logout from UiPath Cloud by removing the credentials file.

package/dist/refreshCircuitBreaker.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Persistent circuit-breaker state for the token-refresh path, stored as a
+ * JSON sibling of the credentials file. Each `uip` call is a separate process,
+ * so an in-memory breaker can't stop a non-interactive caller from re-hammering
+ * the IdP with a refresh we already know will fail — the state must live on
+ * disk. Keyed by a fingerprint of the refresh token, so re-login rotates the
+ * token and self-heals the breaker with no explicit reset.
+ */
+export interface RefreshBreakerState {
+    /** Fingerprint of a terminally-failed (`invalid_grant`) refresh token. */
+    deadTokenFp?: string;
+    /** Epoch ms before which transient failures should not be retried. */
+    backoffUntilMs?: number;
+    /** Consecutive transient-failure count; drives the backoff curve. */
+    attempts?: number;
+    /** Epoch ms a circuit-open failure was last surfaced to telemetry. */
+    lastSurfacedAtMs?: number;
+}
+/** Surface a circuit-open failure to telemetry at most once per hour. */
+export declare const SURFACE_WINDOW_MS: number;
+/**
+ * Non-reversible, truncated fingerprint — never persists the token itself.
+ * Uses WebCrypto so it works in the browser bundle, where `node:crypto` is
+ * shimmed to throw; falls back to `node:crypto` only on runtimes without a
+ * global `crypto.subtle`.
+ */
+export declare function refreshTokenFingerprint(refreshToken: string): Promise<string>;
+/** A missing or unparseable file is treated as "no breaker" (empty state). */
+export declare function loadRefreshBreaker(authPath: string): Promise<RefreshBreakerState>;
+/**
+ * Persist atomically (temp file + rename). Best-effort and self-protecting
+ * (like {@link clearRefreshBreaker}): a breaker we can't write degrades to
+ * today's retry-every-time behavior, no worse than before — so callers don't
+ * need their own `.catch`.
+ */
+export declare function saveRefreshBreaker(authPath: string, state: RefreshBreakerState): Promise<void>;
+/** Remove the breaker file. Best-effort; a missing file is success. */
+export declare function clearRefreshBreaker(authPath: string): Promise<void>;
+/** Backoff for the Nth consecutive failure: 1 min, doubling, capped at 1h. */
+export declare function nextBackoffMs(attempts: number): number;
+/** First failure always surfaces; afterwards at most once per window. */
+export declare function shouldSurface(state: RefreshBreakerState, nowMs: number): boolean;

package/dist/selectTenant.d.ts CHANGED Viewed

@@ -1,5 +1,40 @@
 import { type TenantsAndOrganizations } from "./tenantSelection";
 export type SelectFromList = (options: string[], message: string) => Promise<number>;
+export declare const TENANT_SELECTION_REQUIRED_CODE = "TENANT_SELECTION_REQUIRED";
+export declare const INVALID_TENANT_CODE = "INVALID_TENANT";
+/**
+ * Auth succeeded, but we cannot resolve a single tenant to use — either none
+ * was chosen for a multi-tenant org we can't prompt in, or the requested
+ * `--tenant` doesn't exist. Both carry the org's tenant names so the host can
+ * render one actionable, non-zero-exit error that lists the valid choices.
+ *
+ * Recognized across bundle boundaries by `code` (see `isTenantSelectionError`),
+ * never `instanceof` — each tool bundles its own copy of this class, so class
+ * identity does not survive the boundary.
+ */
+export declare abstract class TenantSelectionError extends Error {
+    abstract readonly code: string;
+    readonly availableTenants: string[];
+    readonly organizationName: string;
+    constructor(message: string, organizationName: string, availableTenants: string[]);
+}
+/** Multiple tenants exist, none was chosen, and we can't prompt. */
+export declare class TenantSelectionRequiredError extends TenantSelectionError {
+    readonly code = "TENANT_SELECTION_REQUIRED";
+    constructor(organizationName: string, availableTenants: string[]);
+}
+/** A `--tenant <name>` was given that matches no tenant in the org. */
+export declare class InvalidTenantError extends TenantSelectionError {
+    readonly code = "INVALID_TENANT";
+    readonly requestedTenant: string;
+    constructor(requestedTenant: string, organizationName: string, availableTenants: string[]);
+}
+/**
+ * Duck-typed across bundles: true for either tenant-selection error. Checks
+ * `code` and the carried `availableTenants` rather than `instanceof`, so it
+ * works on the CLI side where the error crossed a bundle boundary.
+ */
+export declare function isTenantSelectionError(error: unknown): error is TenantSelectionError;
 interface TenantSelectionDependencies {
     fetchTenantsAndOrgs?: (baseUrl: string, accessToken: string, organizationId: string) => Promise<TenantsAndOrganizations>;
     selectFromList?: SelectFromList;

package/dist/strategies/auth-strategy.d.ts CHANGED Viewed

@@ -1,7 +1,18 @@
+/** Optional controls for {@link IAuthStrategy.execute}. Named once and shared
+ *  with the concrete strategies so the three copies can't drift. */
+export interface AuthExecuteOptions {
+    /** Bounds the wait for the callback. */
+    timeoutMs?: number;
+    /** When true, do not launch the system browser. Requires `onAuthUrl` so
+     *  the URL is surfaced to the caller instead of being lost. */
+    noBrowser?: boolean;
+    /**
+     * Invoked with the authorize URL when `noBrowser` is set, in place of
+     * opening a browser. Called once, when the callback server starts
+     * listening. Mandatory whenever `noBrowser` is true.
+     */
+    onAuthUrl?: (url: string) => void;
+}
 export interface IAuthStrategy {
-    execute(url: string, redirectUri: URL, expectedState: string,
-    /** Optional controls; `timeoutMs` bounds the wait for the callback. */
-    opts?: {
-        timeoutMs?: number;
-    }): Promise<string>;
+    execute(url: string, redirectUri: URL, expectedState: string, opts?: AuthExecuteOptions): Promise<string>;
 }

package/dist/strategies/node-strategy.d.ts CHANGED Viewed

@@ -1,6 +1,4 @@
-import type { IAuthStrategy } from "./auth-strategy";
+import type { AuthExecuteOptions, IAuthStrategy } from "./auth-strategy";
 export declare class NodeAuthStrategy implements IAuthStrategy {
-    execute(url: string, redirectUri: URL, expectedState: string, opts?: {
-        timeoutMs?: number;
-    }): Promise<string>;
+    execute(url: string, redirectUri: URL, expectedState: string, opts?: AuthExecuteOptions): Promise<string>;
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@uipath/auth",
   "license": "MIT",
-  "version": "1.196.0",
+  "version": "1.197.0-preview.59",
   "repository": {
     "type": "git",
     "url": "https://github.com/UiPath/cli.git",
@@ -37,5 +37,5 @@
     "mihaigirleanu",
     "vlad-uipath"
   ],
-  "gitHead": "94d71f9c52214980a1f0ae62b3f5372095788553"
+  "gitHead": "df0e2b8140cced13f463b487214927c82bc0f85b"
 }