Skip to content

feat: move auth service to platform#1417

Open
radu-mocanu wants to merge 1 commit intomainfrom
feat/move-auth-to-platform
Open

feat: move auth service to platform#1417
radu-mocanu wants to merge 1 commit intomainfrom
feat/move-auth-to-platform

Conversation

@radu-mocanu
Copy link
Collaborator

@radu-mocanu radu-mocanu commented Mar 6, 2026
edited by github-actions bot
Loading

Summary

Move auth service from uipath to uipath-platform as a standalone service.

Changes

  • New AuthService in platform — OAuth2 PKCE flow, token refresh, tenant discovery
  • New StudioWebService (more methods will be added in a future PR, overwrites resolution, resources creation, project locking etc.)
  • Keep CLI-only concerns (update_env_file, _find_free_port, http-server) in uipath lib
  • Renamed CLI's auth class to AuthHandler
  • Rewrote platform and CLI auth tests
  • Added mkdocs API docs for AuthService

ToDo:

  • bump versions

Development Packages

uipath

[project]
dependencies = [
  # Exact version:
  "uipath==2.10.11.dev1014175252",

  # Any version from PR
  "uipath>=2.10.11.dev1014170000,<2.10.11.dev1014180000"
]

[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
publish-url = "https://test.pypi.org/legacy/"
explicit = true

[tool.uv.sources]
uipath = { index = "testpypi" }

uipath-platform

[project]
dependencies = [
  # Exact version:
  "uipath-platform==0.0.18.dev1014175252",

  # Any version from PR
  "uipath-platform>=0.0.18.dev1014170000,<0.0.18.dev1014180000"
]

[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
publish-url = "https://test.pypi.org/legacy/"
explicit = true

[tool.uv.sources]
uipath-platform = { index = "testpypi" }

@radu-mocanu radu-mocanu force-pushed the feat/move-auth-to-platform branch from 8127534 to ea1ad2e Compare March 6, 2026 15:13
@github-actions github-actions bot added test:uipath-langchain Triggers tests in the uipath-langchain-python repository test:uipath-llamaindex Triggers tests in the uipath-llamaindex-python repository labels Mar 6, 2026
@radu-mocanu radu-mocanu self-assigned this Mar 6, 2026
@radu-mocanu radu-mocanu added test:uipath-langchain Triggers tests in the uipath-langchain-python repository and removed test:uipath-langchain Triggers tests in the uipath-langchain-python repository labels Mar 6, 2026
@radu-mocanu radu-mocanu force-pushed the feat/move-auth-to-platform branch 2 times, most recently from ff4c74a to 79fbbd9 Compare March 9, 2026 16:11
@radu-mocanu radu-mocanu added the build:dev Create a dev build from the pr label Mar 10, 2026
@radu-mocanu radu-mocanu force-pushed the feat/move-auth-to-platform branch from 79fbbd9 to d500f71 Compare March 10, 2026 13:22
radugheo
radugheo reviewed Mar 10, 2026
View reviewed changes
packages/uipath/src/uipath/_cli/_auth/_auth_service.py

def _authenticate_client_credentials(self):
async def _authenticate_client_credentials(self):
assert self._client_id and self._client_secret, (
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think we can remove assert from here and replace it with a check

packages/uipath/src/uipath/_cli/cli_auth.py
tenant=tenant,
scope=scope,
)
except ValueError as e:
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we raise an AuthenticationError instead of logging and letting the error pass?

packages/uipath-platform/src/uipath/platform/auth/_errors.py
@@ -0,0 +1,4 @@
class AuthenticationError(Exception):
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we name it UiPathAuthenticationError for consistency with the runtime erros?

packages/uipath-platform/src/uipath/platform/auth/_auth_service.py
if exp is not None and float(exp) > time.time():
return token_data

if not token_data.refresh_token:
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: we could move this check to the beginning of the method to have an early exit mechanism, since if token_data doesn't have a refresh_token, then we don't need to parse it and get its exp time.

packages/uipath-platform/src/uipath/platform/auth/_auth_service.py

return TokenData.model_validate(response.json())

async def ensure_valid_token(self, token_data: TokenData) -> TokenData:
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: since this method actually returns the a TokenData object, I think naming it ensure_valid_token might be a bit misleading.
maybe get_valid_token, validate_and_refresh_token or something like this would better communicate what this method does.

packages/uipath-platform/src/uipath/platform/auth/_auth_service.py
raw = json.load(f)
return AuthConfig(client_id=raw["client_id"], scope=raw["scope"])

def get_authorization_url(self, redirect_uri: str) -> AuthorizationRequest:
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: we could name this method get_authorization_request since it returns more than just the url

packages/uipath-platform/src/uipath/platform/auth/_oidc_utils.py
if version is None:
return "auth_config_cloud.json"

if version.startswith("25.10"):
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since we return "auth_config_cloud.json" for any other version besides "25.10", we could simplify this by removing:

if version is None:
    return "auth_config_cloud.json"

packages/uipath/src/uipath/_cli/_auth/_auth_service.py
return redirect_uri, port


def update_env_file(env_contents: dict[str, Any]) -> None:
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this method has a duplicate in packages\uipath\src\uipath\_utils\_auth.py

packages/uipath-platform/src/uipath/platform/auth/_utils.py
from ._models import AccessTokenData


def parse_access_token(access_token: str) -> AccessTokenData:
Copy link
Collaborator

@radugheo radugheo Mar 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this method has a duplicate in packages\uipath\src\uipath\_utils\_auth.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@radugheo radugheo radugheo left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@radu-mocanu radu-mocanu

Labels

build:dev Create a dev build from the pr test:uipath-langchain Triggers tests in the uipath-langchain-python repository test:uipath-llamaindex Triggers tests in the uipath-llamaindex-python repository

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@radu-mocanu @radugheo