@uipath/uipath-typescript 1.3.10 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-memory/index.cjs +1765 -0
- package/dist/agent-memory/index.d.ts +588 -0
- package/dist/agent-memory/index.mjs +1763 -0
- package/dist/agents/index.cjs +1726 -0
- package/dist/agents/index.d.ts +502 -0
- package/dist/agents/index.mjs +1724 -0
- package/dist/assets/index.cjs +155 -30
- package/dist/assets/index.d.ts +84 -5
- package/dist/assets/index.mjs +155 -30
- package/dist/attachments/index.cjs +37 -6
- package/dist/attachments/index.d.ts +1 -0
- package/dist/attachments/index.mjs +37 -6
- package/dist/buckets/index.cjs +37 -6
- package/dist/buckets/index.d.ts +1 -0
- package/dist/buckets/index.mjs +37 -6
- package/dist/cases/index.cjs +192 -10
- package/dist/cases/index.d.ts +208 -7
- package/dist/cases/index.mjs +192 -11
- package/dist/conversational-agent/index.cjs +124 -57
- package/dist/conversational-agent/index.d.ts +190 -122
- package/dist/conversational-agent/index.mjs +124 -57
- package/dist/core/index.cjs +413 -105
- package/dist/core/index.d.ts +15 -0
- package/dist/core/index.mjs +413 -105
- package/dist/entities/index.cjs +135 -70
- package/dist/entities/index.d.ts +146 -45
- package/dist/entities/index.mjs +135 -70
- package/dist/feedback/index.cjs +37 -6
- package/dist/feedback/index.d.ts +1 -0
- package/dist/feedback/index.mjs +37 -6
- package/dist/governance/index.cjs +1782 -0
- package/dist/governance/index.d.ts +598 -0
- package/dist/governance/index.mjs +1780 -0
- package/dist/index.cjs +1050 -291
- package/dist/index.d.ts +1313 -134
- package/dist/index.mjs +1050 -292
- package/dist/index.umd.js +4546 -3770
- package/dist/jobs/index.cjs +37 -6
- package/dist/jobs/index.d.ts +1 -0
- package/dist/jobs/index.mjs +37 -6
- package/dist/maestro-processes/index.cjs +224 -18
- package/dist/maestro-processes/index.d.ts +221 -9
- package/dist/maestro-processes/index.mjs +224 -18
- package/dist/processes/index.cjs +37 -6
- package/dist/processes/index.d.ts +1 -0
- package/dist/processes/index.mjs +37 -6
- package/dist/queues/index.cjs +37 -6
- package/dist/queues/index.d.ts +1 -0
- package/dist/queues/index.mjs +37 -6
- package/dist/tasks/index.cjs +37 -6
- package/dist/tasks/index.d.ts +1 -0
- package/dist/tasks/index.mjs +37 -6
- package/dist/traces/index.cjs +1933 -0
- package/dist/traces/index.d.ts +566 -0
- package/dist/traces/index.mjs +1931 -0
- package/package.json +42 -2
package/dist/core/index.mjs
CHANGED
|
@@ -4011,7 +4011,7 @@ object({
|
|
|
4011
4011
|
secret: string().optional(),
|
|
4012
4012
|
clientId: string().optional(),
|
|
4013
4013
|
redirectUri: string().url().optional(),
|
|
4014
|
-
scope: string().optional()
|
|
4014
|
+
scope: string().optional(),
|
|
4015
4015
|
});
|
|
4016
4016
|
class UiPathConfig {
|
|
4017
4017
|
constructor(options) {
|
|
@@ -4062,6 +4062,32 @@ class ExecutionContext {
|
|
|
4062
4062
|
*/
|
|
4063
4063
|
const isBrowser = typeof window !== 'undefined' && typeof window.document !== 'undefined';
|
|
4064
4064
|
const isInActionCenter = isBrowser && window.self != window.top && window.location.href.includes('source=ActionCenter');
|
|
4065
|
+
const _params = isBrowser ? new URLSearchParams(window.location.search) : null;
|
|
4066
|
+
/**
|
|
4067
|
+
* True when the coded app has been loaded inside a host frame that explicitly
|
|
4068
|
+
* opted into token delegation by adding `?host=embed` to the iframe src URL.
|
|
4069
|
+
*/
|
|
4070
|
+
const isHostEmbedded = isBrowser && window.self !== window.top && _params?.get('host') === 'embed';
|
|
4071
|
+
/**
|
|
4072
|
+
* The validated parent origin, read from the `?basedomain=` query param set
|
|
4073
|
+
* by the embedding host in the iframe src URL.
|
|
4074
|
+
* Mirrors the same mechanism used by ActionCenterTokenManager.
|
|
4075
|
+
* Non-null only when `?host=embed` is present and `?basedomain=` is a valid URL.
|
|
4076
|
+
*/
|
|
4077
|
+
const embeddingOrigin = (() => {
|
|
4078
|
+
if (!isHostEmbedded)
|
|
4079
|
+
return null;
|
|
4080
|
+
const basedomain = _params?.get('basedomain');
|
|
4081
|
+
if (!basedomain)
|
|
4082
|
+
return null;
|
|
4083
|
+
try {
|
|
4084
|
+
return new URL(basedomain).origin;
|
|
4085
|
+
}
|
|
4086
|
+
catch {
|
|
4087
|
+
console.warn('embeddingOrigin: basedomain query param is not a valid URL', basedomain);
|
|
4088
|
+
return null;
|
|
4089
|
+
}
|
|
4090
|
+
})();
|
|
4065
4091
|
|
|
4066
4092
|
/**
|
|
4067
4093
|
* Session storage keys used by the auth module
|
|
@@ -4494,6 +4520,96 @@ var ActionCenterEventNames;
|
|
|
4494
4520
|
})(ActionCenterEventNames || (ActionCenterEventNames = {}));
|
|
4495
4521
|
|
|
4496
4522
|
const AUTHENTICATION_TIMEOUT = 8000;
|
|
4523
|
+
const ALLOWED_HOST_ORIGINS = new Set([
|
|
4524
|
+
'https://alpha.uipath.com',
|
|
4525
|
+
'https://staging.uipath.com',
|
|
4526
|
+
'https://cloud.uipath.com',
|
|
4527
|
+
]);
|
|
4528
|
+
/**
|
|
4529
|
+
* Returns true if the origin is a trusted UiPath host that may initiate
|
|
4530
|
+
* token delegation. Mirrors the same allowlist used by ActionCenterTokenManager.
|
|
4531
|
+
*/
|
|
4532
|
+
function isValidHostOrigin(origin) {
|
|
4533
|
+
if (!origin)
|
|
4534
|
+
return false;
|
|
4535
|
+
if (ALLOWED_HOST_ORIGINS.has(origin))
|
|
4536
|
+
return true;
|
|
4537
|
+
try {
|
|
4538
|
+
return new URL(origin).hostname === 'localhost';
|
|
4539
|
+
}
|
|
4540
|
+
catch {
|
|
4541
|
+
console.warn('isValidHostOrigin: received a malformed origin URL', origin);
|
|
4542
|
+
return false;
|
|
4543
|
+
}
|
|
4544
|
+
}
|
|
4545
|
+
function isTokenExpired(tokenInfo) {
|
|
4546
|
+
if (!tokenInfo?.expiresAt)
|
|
4547
|
+
return true;
|
|
4548
|
+
return new Date() >= tokenInfo.expiresAt;
|
|
4549
|
+
}
|
|
4550
|
+
/**
|
|
4551
|
+
* Waits for the next window message that satisfies `filter`.
|
|
4552
|
+
* Rejects if the AbortSignal fires before a matching message arrives.
|
|
4553
|
+
*/
|
|
4554
|
+
function waitForMessage(filter, signal) {
|
|
4555
|
+
return new Promise((resolve, reject) => {
|
|
4556
|
+
const handler = (event) => {
|
|
4557
|
+
if (!filter(event))
|
|
4558
|
+
return;
|
|
4559
|
+
window.removeEventListener('message', handler);
|
|
4560
|
+
resolve(event);
|
|
4561
|
+
};
|
|
4562
|
+
signal.addEventListener('abort', () => {
|
|
4563
|
+
window.removeEventListener('message', handler);
|
|
4564
|
+
reject(signal.reason);
|
|
4565
|
+
}, { once: true });
|
|
4566
|
+
window.addEventListener('message', handler);
|
|
4567
|
+
});
|
|
4568
|
+
}
|
|
4569
|
+
/**
|
|
4570
|
+
* Sends a token-refresh request to a parent host frame and waits for the
|
|
4571
|
+
* response. Handles timeout, origin filtering, and listener cleanup.
|
|
4572
|
+
*
|
|
4573
|
+
* Both ActionCenterTokenManager and EmbeddedTokenManager delegate to this
|
|
4574
|
+
* function; they differ only in the event names and message shape they use.
|
|
4575
|
+
*/
|
|
4576
|
+
function requestHostToken(options) {
|
|
4577
|
+
const { pinnedOrigin, sendRequest, responseEventType, extractToken, onTokenRefreshed } = options;
|
|
4578
|
+
const controller = new AbortController();
|
|
4579
|
+
const cancel = () => controller.abort(new AuthenticationError({
|
|
4580
|
+
message: 'Token refresh cancelled',
|
|
4581
|
+
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4582
|
+
}));
|
|
4583
|
+
const promise = (async () => {
|
|
4584
|
+
const timer = setTimeout(() => controller.abort(new AuthenticationError({
|
|
4585
|
+
message: `Token refresh timed out after ${AUTHENTICATION_TIMEOUT}ms waiting for host response`,
|
|
4586
|
+
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4587
|
+
})), AUTHENTICATION_TIMEOUT);
|
|
4588
|
+
try {
|
|
4589
|
+
// Register listener before sending — avoids any race between send and response
|
|
4590
|
+
const responsePromise = waitForMessage(event => event.origin === pinnedOrigin && event.data?.eventType === responseEventType, controller.signal);
|
|
4591
|
+
sendRequest();
|
|
4592
|
+
const event = await responsePromise;
|
|
4593
|
+
const token = extractToken(event.data);
|
|
4594
|
+
if (!token) {
|
|
4595
|
+
throw new AuthenticationError({
|
|
4596
|
+
message: 'Host responded but did not include a valid access token',
|
|
4597
|
+
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4598
|
+
});
|
|
4599
|
+
}
|
|
4600
|
+
// type: 'secret' intentionally prevents the SDK's internal OAuth refresh path
|
|
4601
|
+
// from running — the host manager owns the refresh cycle via requestHostToken.
|
|
4602
|
+
// This mirrors the same pattern used by ActionCenterTokenManager.
|
|
4603
|
+
onTokenRefreshed({ token: token.accessToken, type: 'secret', expiresAt: token.expiresAt });
|
|
4604
|
+
return token.accessToken;
|
|
4605
|
+
}
|
|
4606
|
+
finally {
|
|
4607
|
+
clearTimeout(timer);
|
|
4608
|
+
}
|
|
4609
|
+
})();
|
|
4610
|
+
return { promise, cancel };
|
|
4611
|
+
}
|
|
4612
|
+
|
|
4497
4613
|
class ActionCenterTokenManager {
|
|
4498
4614
|
constructor(config, onTokenRefreshed) {
|
|
4499
4615
|
this.config = config;
|
|
@@ -4502,85 +4618,283 @@ class ActionCenterTokenManager {
|
|
|
4502
4618
|
this.refreshPromise = null;
|
|
4503
4619
|
}
|
|
4504
4620
|
async refreshAccessToken(tokenInfo) {
|
|
4505
|
-
if (!
|
|
4621
|
+
if (!isTokenExpired(tokenInfo)) {
|
|
4506
4622
|
return tokenInfo.token;
|
|
4507
4623
|
}
|
|
4508
4624
|
if (this.refreshPromise) {
|
|
4509
4625
|
return this.refreshPromise;
|
|
4510
4626
|
}
|
|
4511
|
-
|
|
4512
|
-
|
|
4627
|
+
const parentOrigin = this.parentOrigin;
|
|
4628
|
+
if (!parentOrigin) {
|
|
4629
|
+
return Promise.reject(new AuthenticationError({
|
|
4630
|
+
message: 'Cannot refresh token: basedomain query parameter is missing',
|
|
4631
|
+
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4632
|
+
}));
|
|
4633
|
+
}
|
|
4634
|
+
// Guard before requestHostToken registers the inbound listener — an untrusted
|
|
4635
|
+
// basedomain would otherwise leave the listener live for the full timeout window,
|
|
4636
|
+
// accepting a forged TOKENREFRESHED from that origin.
|
|
4637
|
+
if (!isValidHostOrigin(parentOrigin)) {
|
|
4638
|
+
return Promise.reject(new AuthenticationError({
|
|
4639
|
+
message: 'Cannot refresh token: basedomain is not a trusted UiPath host origin',
|
|
4640
|
+
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4641
|
+
}));
|
|
4642
|
+
}
|
|
4643
|
+
const { promise } = requestHostToken({
|
|
4644
|
+
pinnedOrigin: parentOrigin,
|
|
4645
|
+
sendRequest: () => this.sendMessageToParent(ActionCenterEventNames.REFRESHTOKEN, {
|
|
4513
4646
|
clientId: this.config.clientId,
|
|
4514
4647
|
scope: this.config.scope,
|
|
4515
|
-
}
|
|
4516
|
-
|
|
4517
|
-
|
|
4518
|
-
|
|
4519
|
-
|
|
4520
|
-
|
|
4521
|
-
|
|
4522
|
-
|
|
4523
|
-
|
|
4524
|
-
const { accessToken, expiresAt } = event.data.content.token;
|
|
4525
|
-
this.onTokenRefreshed({ token: accessToken, type: 'secret', expiresAt });
|
|
4526
|
-
resolve(accessToken);
|
|
4527
|
-
}
|
|
4528
|
-
else {
|
|
4529
|
-
reject(new AuthenticationError({
|
|
4530
|
-
message: 'Failed to fetch access token',
|
|
4531
|
-
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4532
|
-
}));
|
|
4533
|
-
}
|
|
4534
|
-
this.refreshPromise = null;
|
|
4535
|
-
this.cleanup(messageListener);
|
|
4536
|
-
};
|
|
4537
|
-
const timer = setTimeout(() => {
|
|
4538
|
-
reject(new AuthenticationError({
|
|
4539
|
-
message: 'Failed to fetch access token',
|
|
4540
|
-
statusCode: HttpStatus.UNAUTHORIZED,
|
|
4541
|
-
}));
|
|
4542
|
-
this.refreshPromise = null;
|
|
4543
|
-
this.cleanup(messageListener);
|
|
4544
|
-
}, AUTHENTICATION_TIMEOUT);
|
|
4545
|
-
window.addEventListener('message', messageListener);
|
|
4648
|
+
}),
|
|
4649
|
+
responseEventType: ActionCenterEventNames.TOKENREFRESHED,
|
|
4650
|
+
extractToken: (data) => {
|
|
4651
|
+
const token = data?.content?.token;
|
|
4652
|
+
if (!token?.accessToken)
|
|
4653
|
+
return undefined;
|
|
4654
|
+
return { accessToken: token.accessToken, expiresAt: token.expiresAt };
|
|
4655
|
+
},
|
|
4656
|
+
onTokenRefreshed: this.onTokenRefreshed,
|
|
4546
4657
|
});
|
|
4547
|
-
|
|
4548
|
-
|
|
4549
|
-
|
|
4550
|
-
|
|
4551
|
-
|
|
4658
|
+
this.refreshPromise = promise;
|
|
4659
|
+
try {
|
|
4660
|
+
return await this.refreshPromise;
|
|
4661
|
+
}
|
|
4662
|
+
finally {
|
|
4663
|
+
this.refreshPromise = null;
|
|
4552
4664
|
}
|
|
4553
|
-
return new Date() >= tokenInfo.expiresAt;
|
|
4554
4665
|
}
|
|
4555
4666
|
sendMessageToParent(eventType, content) {
|
|
4556
|
-
if (window.parent &&
|
|
4667
|
+
if (window.parent && isValidHostOrigin(this.parentOrigin)) {
|
|
4557
4668
|
try {
|
|
4558
4669
|
window.parent.postMessage({ eventType, content }, this.parentOrigin);
|
|
4559
4670
|
}
|
|
4560
4671
|
catch (error) {
|
|
4561
|
-
console.warn('
|
|
4672
|
+
console.warn('ActionCenterTokenManager: postMessage to host failed', JSON.stringify(error));
|
|
4562
4673
|
}
|
|
4563
4674
|
}
|
|
4564
4675
|
}
|
|
4565
|
-
|
|
4566
|
-
|
|
4676
|
+
}
|
|
4677
|
+
|
|
4678
|
+
/**
|
|
4679
|
+
* Event names and payload types for the UIP.* postMessage protocol used
|
|
4680
|
+
* when a coded app is embedded inside a UiPath host (e.g. Governance Portal, Insights UI).
|
|
4681
|
+
*
|
|
4682
|
+
* Flow — app-initiated, mirrors the Action Center protocol:
|
|
4683
|
+
* App → Host: UIP.refreshToken (requests a token; carries clientId + scope
|
|
4684
|
+
* so the host knows which OAuth client to use)
|
|
4685
|
+
* Host → App: UIP.tokenRefreshed (delivers the access token)
|
|
4686
|
+
*
|
|
4687
|
+
* Detection: the host signals embedding via `?host=embed&basedomain=<origin>` in
|
|
4688
|
+
* the iframe src URL. No explicit init message from the host is required.
|
|
4689
|
+
*/
|
|
4690
|
+
var UipEmbeddedEventNames;
|
|
4691
|
+
(function (UipEmbeddedEventNames) {
|
|
4692
|
+
UipEmbeddedEventNames["REFRESH_TOKEN"] = "UIP.refreshToken";
|
|
4693
|
+
UipEmbeddedEventNames["TOKEN_REFRESHED"] = "UIP.tokenRefreshed";
|
|
4694
|
+
})(UipEmbeddedEventNames || (UipEmbeddedEventNames = {}));
|
|
4695
|
+
|
|
4696
|
+
function parseExpiresAt(raw) {
|
|
4697
|
+
const d = new Date(raw);
|
|
4698
|
+
if (isNaN(d.getTime())) {
|
|
4699
|
+
console.warn('EmbeddedTokenManager: host sent a malformed expiresAt value — treating token as already expired', raw);
|
|
4700
|
+
return new Date(0);
|
|
4567
4701
|
}
|
|
4568
|
-
|
|
4569
|
-
|
|
4570
|
-
|
|
4571
|
-
|
|
4702
|
+
return d;
|
|
4703
|
+
}
|
|
4704
|
+
function extractToken(data) {
|
|
4705
|
+
const token = data?.content?.token;
|
|
4706
|
+
if (!token?.accessToken)
|
|
4707
|
+
return undefined;
|
|
4708
|
+
return { accessToken: token.accessToken, expiresAt: parseExpiresAt(token.expiresAt) };
|
|
4709
|
+
}
|
|
4710
|
+
/**
|
|
4711
|
+
* Handles token delegation for coded apps embedded inside a UiPath host
|
|
4712
|
+
* (e.g. Governance Portal, Insights UI).
|
|
4713
|
+
*
|
|
4714
|
+
* Detection: the host signals embedding via `?host=embed&basedomain=<origin>`
|
|
4715
|
+
* in the iframe src URL. `parentOrigin` is read from `?basedomain=` and validated
|
|
4716
|
+
* against the trusted UiPath host allowlist before this manager is constructed.
|
|
4717
|
+
* This mirrors the mechanism used by ActionCenterTokenManager.
|
|
4718
|
+
*
|
|
4719
|
+
* On every token expiry the SDK sends `UIP.refreshToken` with `clientId` and
|
|
4720
|
+
* `scope`; the host performs silent SSO and responds with `UIP.tokenRefreshed`.
|
|
4721
|
+
*/
|
|
4722
|
+
class EmbeddedTokenManager {
|
|
4723
|
+
/**
|
|
4724
|
+
* @param parentOrigin Validated UiPath host origin from the `?basedomain=` query parameter.
|
|
4725
|
+
* @param config SDK configuration — `clientId` and `scope` are required and forwarded
|
|
4726
|
+
* in every `UIP.refreshToken` request so the host knows which OAuth client to use.
|
|
4727
|
+
* @param onTokenRefreshed Called with the refreshed TokenInfo so the caller
|
|
4728
|
+
* can persist it in the execution context.
|
|
4729
|
+
* @throws {AuthenticationError} if `config.clientId` or `config.scope` are not set.
|
|
4730
|
+
*/
|
|
4731
|
+
constructor(parentOrigin, config, onTokenRefreshed) {
|
|
4732
|
+
this.parentOrigin = parentOrigin;
|
|
4733
|
+
this.onTokenRefreshed = onTokenRefreshed;
|
|
4734
|
+
this.refreshPromise = null;
|
|
4735
|
+
this.cancelRefresh = null;
|
|
4736
|
+
if (!config.clientId || !config.scope) {
|
|
4737
|
+
throw new ValidationError({
|
|
4738
|
+
message: 'EmbeddedTokenManager requires clientId and scope to be configured for host-delegated authentication',
|
|
4739
|
+
});
|
|
4572
4740
|
}
|
|
4573
|
-
|
|
4574
|
-
|
|
4741
|
+
this.clientId = config.clientId;
|
|
4742
|
+
this.scope = config.scope;
|
|
4743
|
+
}
|
|
4744
|
+
async refreshAccessToken(tokenInfo) {
|
|
4745
|
+
if (!isTokenExpired(tokenInfo)) {
|
|
4746
|
+
return tokenInfo.token;
|
|
4575
4747
|
}
|
|
4748
|
+
if (this.refreshPromise) {
|
|
4749
|
+
return this.refreshPromise;
|
|
4750
|
+
}
|
|
4751
|
+
const { promise, cancel } = requestHostToken({
|
|
4752
|
+
pinnedOrigin: this.parentOrigin,
|
|
4753
|
+
sendRequest: () => {
|
|
4754
|
+
try {
|
|
4755
|
+
const message = {
|
|
4756
|
+
eventType: UipEmbeddedEventNames.REFRESH_TOKEN,
|
|
4757
|
+
content: { clientId: this.clientId, scope: this.scope },
|
|
4758
|
+
};
|
|
4759
|
+
window.parent.postMessage(message, this.parentOrigin);
|
|
4760
|
+
}
|
|
4761
|
+
catch (error) {
|
|
4762
|
+
console.warn('EmbeddedTokenManager: postMessage to host failed', error);
|
|
4763
|
+
}
|
|
4764
|
+
},
|
|
4765
|
+
responseEventType: UipEmbeddedEventNames.TOKEN_REFRESHED,
|
|
4766
|
+
extractToken,
|
|
4767
|
+
onTokenRefreshed: this.onTokenRefreshed,
|
|
4768
|
+
});
|
|
4769
|
+
this.cancelRefresh = cancel;
|
|
4770
|
+
this.refreshPromise = promise;
|
|
4576
4771
|
try {
|
|
4577
|
-
|
|
4578
|
-
return url.hostname === 'localhost';
|
|
4772
|
+
return await this.refreshPromise;
|
|
4579
4773
|
}
|
|
4580
|
-
|
|
4581
|
-
|
|
4774
|
+
finally {
|
|
4775
|
+
this.refreshPromise = null;
|
|
4776
|
+
this.cancelRefresh = null;
|
|
4777
|
+
}
|
|
4778
|
+
}
|
|
4779
|
+
/** Cancels any in-flight token-refresh request. */
|
|
4780
|
+
destroy() {
|
|
4781
|
+
this.cancelRefresh?.();
|
|
4782
|
+
}
|
|
4783
|
+
}
|
|
4784
|
+
|
|
4785
|
+
/**
|
|
4786
|
+
* SDK Telemetry constants.
|
|
4787
|
+
*
|
|
4788
|
+
* Only the SDK's identity (version, service name, role name, …) lives
|
|
4789
|
+
* here. The Application Insights connection string is injected into
|
|
4790
|
+
* `@uipath/core-telemetry` itself at publish time, and the generic attribute
|
|
4791
|
+
* keys (`Version`, `Service`, `CloudOrganizationName`, …) are owned by
|
|
4792
|
+
* `@uipath/core-telemetry` and consumed there — they are not part of the
|
|
4793
|
+
* SDK's public API.
|
|
4794
|
+
*/
|
|
4795
|
+
/** SDK version placeholder — patched by the SDK publish workflow. */
|
|
4796
|
+
const SDK_VERSION = '1.4.0';
|
|
4797
|
+
const CLOUD_ROLE_NAME = 'uipath-ts-sdk';
|
|
4798
|
+
const SDK_SERVICE_NAME = 'UiPath.TypeScript.Sdk';
|
|
4799
|
+
const SDK_LOGGER_NAME = 'uipath-ts-sdk-telemetry';
|
|
4800
|
+
const SDK_RUN_EVENT = 'Sdk.Run';
|
|
4801
|
+
|
|
4802
|
+
/**
|
|
4803
|
+
* UiPath TypeScript SDK Telemetry
|
|
4804
|
+
*
|
|
4805
|
+
* Constructs the SDK's own `TelemetryClient` and binds the SDK-local
|
|
4806
|
+
* `track` / `trackEvent` to it. Each consumer of `@uipath/core-telemetry`
|
|
4807
|
+
* does this independently, so events carry their own consumer's identity
|
|
4808
|
+
* and tenant context.
|
|
4809
|
+
*/
|
|
4810
|
+
// Keyed by `CLOUD_ROLE_NAME` so every SDK subpath bundle resolves to the
|
|
4811
|
+
// same `TelemetryClient` instance at runtime. A single `initialize(...)`
|
|
4812
|
+
// from the `UiPath` constructor therefore wires up `@track` decorators
|
|
4813
|
+
// across every subpath bundle (`assets`, `feedback`, `tasks`, …).
|
|
4814
|
+
const sdkClient = getOrCreateClient(CLOUD_ROLE_NAME);
|
|
4815
|
+
const track = createTrack(sdkClient);
|
|
4816
|
+
const trackEvent = createTrackEvent(sdkClient);
|
|
4817
|
+
const telemetryClient = {
|
|
4818
|
+
initialize(context) {
|
|
4819
|
+
sdkClient.initialize({
|
|
4820
|
+
sdkVersion: SDK_VERSION,
|
|
4821
|
+
serviceName: SDK_SERVICE_NAME,
|
|
4822
|
+
cloudRoleName: CLOUD_ROLE_NAME,
|
|
4823
|
+
loggerName: SDK_LOGGER_NAME,
|
|
4824
|
+
defaultEventName: SDK_RUN_EVENT,
|
|
4825
|
+
context,
|
|
4826
|
+
});
|
|
4827
|
+
},
|
|
4828
|
+
/**
|
|
4829
|
+
* Sets the authenticated user's id so every subsequently emitted event
|
|
4830
|
+
* carries it as `CloudUserId`.
|
|
4831
|
+
*/
|
|
4832
|
+
setUserId(userId) {
|
|
4833
|
+
sdkClient.setUserId(userId);
|
|
4834
|
+
},
|
|
4835
|
+
};
|
|
4836
|
+
|
|
4837
|
+
/**
|
|
4838
|
+
* Base64 encoding/decoding
|
|
4839
|
+
*/
|
|
4840
|
+
/**
|
|
4841
|
+
* Decodes a base64 string
|
|
4842
|
+
* @param base64 - The base64 string to decode
|
|
4843
|
+
* @returns Decoded string
|
|
4844
|
+
*/
|
|
4845
|
+
function decodeBase64(base64) {
|
|
4846
|
+
let bytes;
|
|
4847
|
+
if (isBrowser) {
|
|
4848
|
+
// Browser environment
|
|
4849
|
+
const binaryString = atob(base64);
|
|
4850
|
+
bytes = new Uint8Array(binaryString.length);
|
|
4851
|
+
for (let i = 0; i < binaryString.length; i++) {
|
|
4852
|
+
bytes[i] = binaryString.charCodeAt(i);
|
|
4582
4853
|
}
|
|
4583
4854
|
}
|
|
4855
|
+
else {
|
|
4856
|
+
// Node.js environment
|
|
4857
|
+
bytes = new Uint8Array(Buffer.from(base64, 'base64'));
|
|
4858
|
+
}
|
|
4859
|
+
// TextDecoder for UTF-8 decoding (works in both browser and Node.js)
|
|
4860
|
+
const decoder = new TextDecoder();
|
|
4861
|
+
return decoder.decode(bytes);
|
|
4862
|
+
}
|
|
4863
|
+
|
|
4864
|
+
/**
|
|
4865
|
+
* JWT decoding helpers — payload inspection only, no signature verification.
|
|
4866
|
+
*/
|
|
4867
|
+
const BASE64URL_DASH_RE = /-/g;
|
|
4868
|
+
const BASE64URL_UNDERSCORE_RE = /_/g;
|
|
4869
|
+
/**
|
|
4870
|
+
* Converts a base64url-encoded JWT segment to standard base64 with padding.
|
|
4871
|
+
*/
|
|
4872
|
+
function base64UrlToBase64(value) {
|
|
4873
|
+
const base64 = value
|
|
4874
|
+
.replace(BASE64URL_DASH_RE, '+')
|
|
4875
|
+
.replace(BASE64URL_UNDERSCORE_RE, '/');
|
|
4876
|
+
return base64.padEnd(base64.length + ((4 - (base64.length % 4)) % 4), '=');
|
|
4877
|
+
}
|
|
4878
|
+
/**
|
|
4879
|
+
* Extracts the user id (`sub` claim) from a JWT access token payload.
|
|
4880
|
+
* Returns an empty string for opaque (non-JWT) tokens or malformed payloads.
|
|
4881
|
+
*
|
|
4882
|
+
* @param token - The access token to inspect
|
|
4883
|
+
* @returns The user id, or an empty string if it cannot be extracted
|
|
4884
|
+
*/
|
|
4885
|
+
function extractUserIdFromToken(token) {
|
|
4886
|
+
try {
|
|
4887
|
+
const payload = token.split('.')[1];
|
|
4888
|
+
if (!payload) {
|
|
4889
|
+
return '';
|
|
4890
|
+
}
|
|
4891
|
+
const claims = JSON.parse(decodeBase64(base64UrlToBase64(payload)));
|
|
4892
|
+
const sub = claims['sub'];
|
|
4893
|
+
return typeof sub === 'string' && sub ? sub : '';
|
|
4894
|
+
}
|
|
4895
|
+
catch {
|
|
4896
|
+
return '';
|
|
4897
|
+
}
|
|
4584
4898
|
}
|
|
4585
4899
|
|
|
4586
4900
|
/**
|
|
@@ -4602,10 +4916,15 @@ class TokenManager {
|
|
|
4602
4916
|
this.isOAuth = isOAuth;
|
|
4603
4917
|
this.refreshPromise = null;
|
|
4604
4918
|
this.actionCenterTokenManager = null;
|
|
4919
|
+
this.embeddedTokenManager = null;
|
|
4605
4920
|
if (isInActionCenter) {
|
|
4606
4921
|
this.actionCenterTokenManager = new ActionCenterTokenManager(config, (tokenInfo) => this.setToken(tokenInfo));
|
|
4607
4922
|
this.isOAuth = false;
|
|
4608
4923
|
}
|
|
4924
|
+
else if (isHostEmbedded && embeddingOrigin && isValidHostOrigin(embeddingOrigin)) {
|
|
4925
|
+
this.embeddedTokenManager = new EmbeddedTokenManager(embeddingOrigin, config, tokenInfo => this.setToken(tokenInfo));
|
|
4926
|
+
this.isOAuth = false;
|
|
4927
|
+
}
|
|
4609
4928
|
}
|
|
4610
4929
|
/**
|
|
4611
4930
|
* Checks if a token is expired
|
|
@@ -4636,6 +4955,10 @@ class TokenManager {
|
|
|
4636
4955
|
if (this.actionCenterTokenManager) {
|
|
4637
4956
|
return await this.actionCenterTokenManager.refreshAccessToken(tokenInfo);
|
|
4638
4957
|
}
|
|
4958
|
+
// Generic embedded path — active whenever the app is embedded in a UiPath host page
|
|
4959
|
+
if (this.embeddedTokenManager) {
|
|
4960
|
+
return await this.embeddedTokenManager.refreshAccessToken(tokenInfo);
|
|
4961
|
+
}
|
|
4639
4962
|
// For secret-based tokens, they never expire
|
|
4640
4963
|
if (tokenInfo.type === 'secret') {
|
|
4641
4964
|
return tokenInfo.token;
|
|
@@ -4774,6 +5097,13 @@ class TokenManager {
|
|
|
4774
5097
|
}
|
|
4775
5098
|
return true;
|
|
4776
5099
|
}
|
|
5100
|
+
/**
|
|
5101
|
+
* Releases resources held by this instance.
|
|
5102
|
+
* Must be called when the TokenManager is no longer needed to prevent listener leaks.
|
|
5103
|
+
*/
|
|
5104
|
+
destroy() {
|
|
5105
|
+
this.embeddedTokenManager?.destroy();
|
|
5106
|
+
}
|
|
4777
5107
|
/**
|
|
4778
5108
|
* Clears the current token
|
|
4779
5109
|
*/
|
|
@@ -4795,6 +5125,7 @@ class TokenManager {
|
|
|
4795
5125
|
*/
|
|
4796
5126
|
_updateExecutionContext(tokenInfo) {
|
|
4797
5127
|
this.executionContext.set('tokenInfo', tokenInfo);
|
|
5128
|
+
telemetryClient.setUserId(extractUserIdFromToken(tokenInfo.token));
|
|
4798
5129
|
}
|
|
4799
5130
|
/**
|
|
4800
5131
|
* Refreshes the access token using the stored refresh token.
|
|
@@ -4824,6 +5155,9 @@ class TokenManager {
|
|
|
4824
5155
|
* Internal method to perform the actual token refresh
|
|
4825
5156
|
*/
|
|
4826
5157
|
async _doRefreshToken() {
|
|
5158
|
+
// Destructure before the type guard — hasOAuthConfig narrows this.config to
|
|
5159
|
+
// { clientId, redirectUri, scope } which does not include BaseConfig fields.
|
|
5160
|
+
const { orgName, baseUrl } = this.config;
|
|
4827
5161
|
// Check if we're in OAuth flow
|
|
4828
5162
|
if (!hasOAuthConfig(this.config)) {
|
|
4829
5163
|
throw new Error('refreshAccessToken is only available in OAuth flow');
|
|
@@ -4833,13 +5167,12 @@ class TokenManager {
|
|
|
4833
5167
|
if (!tokenInfo?.refreshToken) {
|
|
4834
5168
|
throw new Error('No refresh token available. User may need to re-authenticate.');
|
|
4835
5169
|
}
|
|
4836
|
-
const orgName = this.config.orgName;
|
|
4837
5170
|
const body = new URLSearchParams({
|
|
4838
5171
|
grant_type: 'refresh_token',
|
|
4839
5172
|
client_id: this.config.clientId,
|
|
4840
5173
|
refresh_token: tokenInfo.refreshToken
|
|
4841
5174
|
});
|
|
4842
|
-
const response = await fetch(`${
|
|
5175
|
+
const response = await fetch(`${baseUrl}/${orgName}/identity_/connect/token`, {
|
|
4843
5176
|
method: 'POST',
|
|
4844
5177
|
headers: {
|
|
4845
5178
|
'Content-Type': 'application/x-www-form-urlencoded'
|
|
@@ -5299,51 +5632,6 @@ function normalizeBaseUrl(url) {
|
|
|
5299
5632
|
return url.endsWith('/') ? url.slice(0, -1) : url;
|
|
5300
5633
|
}
|
|
5301
5634
|
|
|
5302
|
-
/**
|
|
5303
|
-
* SDK Telemetry constants.
|
|
5304
|
-
*
|
|
5305
|
-
* Only the SDK's identity (version, service name, role name, …) lives
|
|
5306
|
-
* here. The Application Insights connection string is injected into
|
|
5307
|
-
* `@uipath/core-telemetry` itself at publish time, and the generic attribute
|
|
5308
|
-
* keys (`Version`, `Service`, `CloudOrganizationName`, …) are owned by
|
|
5309
|
-
* `@uipath/core-telemetry` and consumed there — they are not part of the
|
|
5310
|
-
* SDK's public API.
|
|
5311
|
-
*/
|
|
5312
|
-
/** SDK version placeholder — patched by the SDK publish workflow. */
|
|
5313
|
-
const SDK_VERSION = '1.3.10';
|
|
5314
|
-
const CLOUD_ROLE_NAME = 'uipath-ts-sdk';
|
|
5315
|
-
const SDK_SERVICE_NAME = 'UiPath.TypeScript.Sdk';
|
|
5316
|
-
const SDK_LOGGER_NAME = 'uipath-ts-sdk-telemetry';
|
|
5317
|
-
const SDK_RUN_EVENT = 'Sdk.Run';
|
|
5318
|
-
|
|
5319
|
-
/**
|
|
5320
|
-
* UiPath TypeScript SDK Telemetry
|
|
5321
|
-
*
|
|
5322
|
-
* Constructs the SDK's own `TelemetryClient` and binds the SDK-local
|
|
5323
|
-
* `track` / `trackEvent` to it. Each consumer of `@uipath/core-telemetry`
|
|
5324
|
-
* does this independently, so events carry their own consumer's identity
|
|
5325
|
-
* and tenant context.
|
|
5326
|
-
*/
|
|
5327
|
-
// Keyed by `CLOUD_ROLE_NAME` so every SDK subpath bundle resolves to the
|
|
5328
|
-
// same `TelemetryClient` instance at runtime. A single `initialize(...)`
|
|
5329
|
-
// from the `UiPath` constructor therefore wires up `@track` decorators
|
|
5330
|
-
// across every subpath bundle (`assets`, `feedback`, `tasks`, …).
|
|
5331
|
-
const sdkClient = getOrCreateClient(CLOUD_ROLE_NAME);
|
|
5332
|
-
const track = createTrack(sdkClient);
|
|
5333
|
-
const trackEvent = createTrackEvent(sdkClient);
|
|
5334
|
-
const telemetryClient = {
|
|
5335
|
-
initialize(context) {
|
|
5336
|
-
sdkClient.initialize({
|
|
5337
|
-
sdkVersion: SDK_VERSION,
|
|
5338
|
-
serviceName: SDK_SERVICE_NAME,
|
|
5339
|
-
cloudRoleName: CLOUD_ROLE_NAME,
|
|
5340
|
-
loggerName: SDK_LOGGER_NAME,
|
|
5341
|
-
defaultEventName: SDK_RUN_EVENT,
|
|
5342
|
-
context,
|
|
5343
|
-
});
|
|
5344
|
-
},
|
|
5345
|
-
};
|
|
5346
|
-
|
|
5347
5635
|
/**
|
|
5348
5636
|
* SDK Internals Registry - Internal registry for SDK instances
|
|
5349
5637
|
*
|
|
@@ -5453,7 +5741,7 @@ function loadFromMetaTags() {
|
|
|
5453
5741
|
return hasAnyValue ? config : null;
|
|
5454
5742
|
}
|
|
5455
5743
|
|
|
5456
|
-
var _UiPath_instances, _UiPath_config, _UiPath_authService, _UiPath_initialized, _UiPath_partialConfig, _UiPath_multiLogin, _UiPath_metaFolderKey, _UiPath_initializeWithConfig, _UiPath_loadConfig;
|
|
5744
|
+
var _UiPath_instances, _UiPath_config, _UiPath_authService, _UiPath_initialized, _UiPath_partialConfig, _UiPath_multiLogin, _UiPath_metaFolderKey, _UiPath_metaOrgId, _UiPath_metaTenantId, _UiPath_initializeWithConfig, _UiPath_loadConfig;
|
|
5457
5745
|
/**
|
|
5458
5746
|
* UiPath - Core SDK class for authentication and configuration management.
|
|
5459
5747
|
*
|
|
@@ -5498,9 +5786,18 @@ class UiPath {
|
|
|
5498
5786
|
// deployments). Not accepted via the public constructor; lives here so the
|
|
5499
5787
|
// SDK can flow it through to BaseService.config without polluting BaseConfig.
|
|
5500
5788
|
_UiPath_metaFolderKey.set(this, void 0);
|
|
5789
|
+
// Org/tenant ids captured from the meta tags before the constructor config
|
|
5790
|
+
// is merged in. The `uipath:org-name`/`uipath:tenant-name` meta tags always
|
|
5791
|
+
// carry org/tenant *ids* in coded-app deployments, whereas a
|
|
5792
|
+
// constructor-supplied `orgName`/`tenantName` may be actual names — so the
|
|
5793
|
+
// telemetry ids must be read from the meta tags.
|
|
5794
|
+
_UiPath_metaOrgId.set(this, void 0);
|
|
5795
|
+
_UiPath_metaTenantId.set(this, void 0);
|
|
5501
5796
|
// Load configuration from meta tags
|
|
5502
5797
|
const configFromMetaTags = loadFromMetaTags();
|
|
5503
5798
|
__classPrivateFieldSet(this, _UiPath_metaFolderKey, configFromMetaTags?.folderKey, "f");
|
|
5799
|
+
__classPrivateFieldSet(this, _UiPath_metaOrgId, configFromMetaTags?.orgName, "f");
|
|
5800
|
+
__classPrivateFieldSet(this, _UiPath_metaTenantId, configFromMetaTags?.tenantName, "f");
|
|
5504
5801
|
// Merge configuration: constructor config overrides meta tags
|
|
5505
5802
|
const mergedConfig = config ? { ...configFromMetaTags, ...config } : configFromMetaTags;
|
|
5506
5803
|
if (mergedConfig && isCompleteConfig(mergedConfig)) {
|
|
@@ -5607,6 +5904,13 @@ class UiPath {
|
|
|
5607
5904
|
getToken() {
|
|
5608
5905
|
return __classPrivateFieldGet(this, _UiPath_authService, "f")?.getToken();
|
|
5609
5906
|
}
|
|
5907
|
+
/**
|
|
5908
|
+
* Releases resources held by this SDK instance.
|
|
5909
|
+
* Cancels any in-flight token-refresh request. Call this when the coded app is unmounted.
|
|
5910
|
+
*/
|
|
5911
|
+
destroy() {
|
|
5912
|
+
__classPrivateFieldGet(this, _UiPath_authService, "f")?.getTokenManager()?.destroy();
|
|
5913
|
+
}
|
|
5610
5914
|
/**
|
|
5611
5915
|
* Logout from the SDK, clearing all authentication state.
|
|
5612
5916
|
* After calling this method, the user will need to re-initialize to authenticate again.
|
|
@@ -5629,7 +5933,7 @@ class UiPath {
|
|
|
5629
5933
|
__classPrivateFieldGet(this, _UiPath_authService, "f")?.updateToken(tokenInfo);
|
|
5630
5934
|
}
|
|
5631
5935
|
}
|
|
5632
|
-
_UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap(), _UiPath_partialConfig = new WeakMap(), _UiPath_multiLogin = new WeakMap(), _UiPath_metaFolderKey = new WeakMap(), _UiPath_instances = new WeakSet(), _UiPath_initializeWithConfig = function _UiPath_initializeWithConfig(config) {
|
|
5936
|
+
_UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_initialized = new WeakMap(), _UiPath_partialConfig = new WeakMap(), _UiPath_multiLogin = new WeakMap(), _UiPath_metaFolderKey = new WeakMap(), _UiPath_metaOrgId = new WeakMap(), _UiPath_metaTenantId = new WeakMap(), _UiPath_instances = new WeakSet(), _UiPath_initializeWithConfig = function _UiPath_initializeWithConfig(config) {
|
|
5633
5937
|
// Validate and normalize the configuration
|
|
5634
5938
|
validateConfig(config);
|
|
5635
5939
|
const hasSecretAuth = hasSecretConfig(config);
|
|
@@ -5665,9 +5969,11 @@ _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_ini
|
|
|
5665
5969
|
orgName: internalConfig.orgName,
|
|
5666
5970
|
tenantName: internalConfig.tenantName
|
|
5667
5971
|
};
|
|
5668
|
-
// Initialize telemetry with SDK configuration
|
|
5972
|
+
// Initialize telemetry with SDK configuration.
|
|
5669
5973
|
telemetryClient.initialize({
|
|
5670
5974
|
baseUrl: config.baseUrl,
|
|
5975
|
+
orgId: __classPrivateFieldGet(this, _UiPath_metaOrgId, "f"),
|
|
5976
|
+
tenantId: __classPrivateFieldGet(this, _UiPath_metaTenantId, "f"),
|
|
5671
5977
|
orgName: config.orgName,
|
|
5672
5978
|
tenantName: config.tenantName,
|
|
5673
5979
|
clientId: hasOAuthAuth ? config.clientId : undefined,
|
|
@@ -5686,6 +5992,8 @@ _UiPath_config = new WeakMap(), _UiPath_authService = new WeakMap(), _UiPath_ini
|
|
|
5686
5992
|
// Load from meta tags
|
|
5687
5993
|
const metaConfig = loadFromMetaTags();
|
|
5688
5994
|
__classPrivateFieldSet(this, _UiPath_metaFolderKey, metaConfig?.folderKey, "f");
|
|
5995
|
+
__classPrivateFieldSet(this, _UiPath_metaOrgId, metaConfig?.orgName, "f");
|
|
5996
|
+
__classPrivateFieldSet(this, _UiPath_metaTenantId, metaConfig?.tenantName, "f");
|
|
5689
5997
|
// Merge with any partial config from constructor (constructor overrides meta tags)
|
|
5690
5998
|
const merged = { ...metaConfig, ...__classPrivateFieldGet(this, _UiPath_partialConfig, "f") };
|
|
5691
5999
|
if (!isCompleteConfig(merged)) {
|