UiPath
diff --git a/‎docs/FAQ.md‎
Lines changed: 212 additions & 0 deletions b/‎docs/FAQ.md‎
Lines changed: 212 additions & 0 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 5 additions & 3 deletions b/‎pyproject.toml‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎src/uipath/_cli/_auth/_client_credentials.py‎
Lines changed: 2 additions & 3 deletions b/‎src/uipath/_cli/_auth/_client_credentials.py‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/uipath/_cli/_auth/_portal_service.py‎
Lines changed: 31 additions & 4 deletions b/‎src/uipath/_cli/_auth/_portal_service.py‎
Lines changed: 31 additions & 4 deletions
@@ -72,6 +72,218 @@ packages = ["your_package"]
 
 For more detailed information about package discovery and configuration, refer to the [official setuptools documentation](https://setuptools.pypa.io/en/latest/userguide/package_discovery.html).
 
+### Q: Why am I getting timeouts or "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" errors?
+
+The UiPath CLI automatically works with your corporate network setup, including proxy servers and security tools like ZScaler, by leveraging your system's native SSL certificate store.
+
+#### Proxy Configuration
+
+Configure these environment variables to route CLI traffic through your corporate proxy:
+
+//// tab | Linux/macOS Bash
+
+<!-- termynal -->
+```bash
+> export HTTP_PROXY=http://proxy.company.com:8080
+> export HTTPS_PROXY=https://proxy.company.com:8080
+> export NO_PROXY=localhost,127.0.0.1
+> uipath auth
+⠋ Authenticating with UiPath ...
+✓  Authentication successful.
+```
+
+////
+
+//// tab | Windows PowerShell
+
+<!-- termynal -->
+```powershell
+> $env:HTTP_PROXY="http://proxy.company.com:8080"
+> $env:HTTPS_PROXY="https://proxy.company.com:8080"
+> $env:NO_PROXY="localhost,127.0.0.1"
+> uipath auth
+⠋ Authenticating with UiPath ...
+✓  Authentication successful.
+```
+
+////
+
+//// tab | Windows CMD
+
+<!-- termynal -->
+```cmd
+> set HTTP_PROXY=http://proxy.company.com:8080
+> set HTTPS_PROXY=https://proxy.company.com:8080
+> set NO_PROXY=localhost,127.0.0.1
+> uipath auth
+⠋ Authenticating with UiPath ...
+✓  Authentication successful.
+```
+
+////
+
+#### Proxy Authentication
+
+//// tab | Linux/macOS Bash
+
+<!-- termynal -->
+```bash
+> export HTTP_PROXY=http://username:password@proxy.company.com:8080
+> export HTTPS_PROXY=https://username:password@proxy.company.com:8080
+> export NO_PROXY=localhost,127.0.0.1
+> uipath publish
+⠋ Fetching available package feeds...
+✓  Package published successfully!
+```
+
+////
+
+//// tab | Windows PowerShell
+
+<!-- termynal -->
+```powershell
+> $env:HTTP_PROXY="http://username:password@proxy.company.com:8080"
+> $env:HTTPS_PROXY="https://username:password@proxy.company.com:8080"
+> $env:NO_PROXY="localhost,127.0.0.1"
+> uipath publish
+⠋ Fetching available package feeds...
+✓  Package published successfully!
+```
+
+////
+
+//// tab | Windows CMD
+
+<!-- termynal -->
+```cmd
+> set HTTP_PROXY=http://username:password@proxy.company.com:8080
+> set HTTPS_PROXY=https://username:password@proxy.company.com:8080
+> set NO_PROXY=localhost,127.0.0.1
+> uipath publish
+⠋ Fetching available package feeds...
+✓  Package published successfully!
+```
+
+////
+
+/// tip
+**For IT Administrators**: Add these environment variables to your Group Policy or system configuration:
+
+```bash
+HTTP_PROXY=http://your-proxy.company.com:8080
+HTTPS_PROXY=https://your-proxy.company.com:8080
+NO_PROXY=localhost,127.0.0.1,*.company.com
+```
+///
+
+/// warning
+The CLI uses a local HTTP server for the authentication callback. You must **exclude localhost** from your proxy using `NO_PROXY=localhost,127.0.0.1` or authentication will fail.
+///
+
+##### Troubleshooting
+<!-- termynal -->
+```bash
+> # Test proxy connectivity
+> curl -v --proxy $HTTP_PROXY https://cloud.uipath.com
+*   Trying 192.168.1.100:8080...
+* Connected to proxy.company.com (192.168.1.100) port 8080
+✓ Connection successful
+
+> # Test localhost exclusion
+> curl --proxy $HTTP_PROXY http://localhost:8080
+* Bypassing proxy for localhost
+✓ Direct connection to localhost successful
+```
+
+#### SSL Certificates
+
+The UiPath CLI automatically uses your system's certificate store (Windows Certificate Store, macOS Keychain, Linux ca-certificates). Corporate certificates installed via Group Policy or IT tools will be automatically recognized.
+
+##### Troubleshooting SSL Issues
+
+If you encounter SSL certificate errors:
+
+1. **Disable SSL verification** (for testing only):
+
+   //// tab | Linux/macOS Bash
+
+   <!-- termynal -->
+   ```bash
+   > export UIPATH_DISABLE_SSL_VERIFY=true
+   > uipath auth
+   ⠋ Authenticating with UiPath ...
+   ✓  Authentication successful.
+   ```
+
+   ////
+
+   //// tab | Windows PowerShell
+
+   <!-- termynal -->
+   ```powershell
+   > $env:UIPATH_DISABLE_SSL_VERIFY="true"
+   > uipath auth
+   ⠋ Authenticating with UiPath ...
+   ✓  Authentication successful.
+   ```
+
+   ////
+
+   //// tab | Windows CMD
+
+   <!-- termynal -->
+   ```cmd
+   > set UIPATH_DISABLE_SSL_VERIFY=true
+   > uipath auth
+   ⠋ Authenticating with UiPath ...
+   ✓  Authentication successful.
+   ```
+
+   ////
+
+2. **Use custom certificate bundle** (if needed):
+
+   //// tab | Linux/macOS Bash
+
+   <!-- termynal -->
+   ```bash
+   > export SSL_CERT_FILE=/path/to/company-ca-bundle.pem
+   > export REQUESTS_CA_BUNDLE=/path/to/company-ca-bundle.pem
+   > uipath publish
+   ⠋ Publishing most recent package...
+   ✓  Package published successfully!
+   ```
+
+   ////
+
+   //// tab | Windows PowerShell
+
+   <!-- termynal -->
+   ```powershell
+   > $env:SSL_CERT_FILE="C:\certs\company-ca-bundle.pem"
+   > $env:REQUESTS_CA_BUNDLE="C:\certs\company-ca-bundle.pem"
+   > uipath publish
+   ⠋ Publishing most recent package...
+   ✓  Package published successfully!
+   ```
+
+   ////
+
+   //// tab | Windows CMD
+
+   <!-- termynal -->
+   ```cmd
+   > set SSL_CERT_FILE=C:\certs\company-ca-bundle.pem
+   > set REQUESTS_CA_BUNDLE=C:\certs\company-ca-bundle.pem
+   > uipath publish
+   ⠋ Publishing most recent package...
+   ✓  Package published successfully!
+   ```
+
+   ////
+
+
 ---
 
 *Note: This FAQ will be updated as new information becomes available. If you continue experiencing issues after following these solutions, please contact UiPath support.*
+
@@ -1,6 +1,6 @@
 [project]
 name = "uipath"
-version = "2.0.73"
+version = "2.0.74"
 description = "Python SDK and CLI for UiPath Platform, enabling programmatic interaction with automation services, process management, and deployment tools."
 readme = { file = "README.md", content-type = "text/markdown" }
 requires-python = ">=3.10"
@@ -15,6 +15,7 @@ dependencies = [
   "pathlib>=1.0.1",
   "rich>=13.0.0",
   "azure-monitor-opentelemetry>=1.6.8",
+  "truststore>=0.10.1"
 ]
 classifiers = [
   "Development Status :: 3 - Alpha",
@@ -48,6 +49,9 @@ dev = [
   "ruff>=0.9.4",
   "rust-just>=1.39.0",
   "pytest>=7.4.0",
+  "pytest-asyncio>=1.0.0",
+  "pytest-httpx>=0.35.0",
+  "pytest-trio>=0.8.0",
   "pytest-cov>=4.1.0",
   "pytest-mock>=3.11.1",
   "pre-commit>=4.1.0",
@@ -61,8 +65,6 @@ dev = [
   "mkdocs-open-in-new-tab>=1.0.8",
   "toml>=0.10.2",
   "inflection>=0.5.1",
-  "pytest-httpx>=0.35.0",
-  "pytest-trio>=0.8.0",
   "types-toml>=0.10.8",
 ]
 
 
@@ -3,6 +3,7 @@
 
 import httpx
 
+from ..._utils._ssl_context import get_httpx_client_kwargs
 from .._utils._console import ConsoleLogger
 from ._models import TokenData
 from ._utils import parse_access_token, update_env_file
@@ -91,13 +92,11 @@ def authenticate(
         }
 
         try:
-            with httpx.Client(timeout=30.0) as client:
+            with httpx.Client(**get_httpx_client_kwargs()) as client:
                 response = client.post(token_url, data=data)
-
                 match response.status_code:
                     case 200:
                         token_data = response.json()
-                        # Convert to our TokenData format
                         return {
                             "access_token": token_data["access_token"],
                             "token_type": token_data.get("token_type", "Bearer"),
 
@@ -5,6 +5,7 @@
 import click
 import httpx
 
+from ..._utils._ssl_context import get_httpx_client_kwargs
 from .._utils._console import ConsoleLogger
 from ._models import TenantsAndOrganizationInfoResponse, TokenData
 from ._oidc_utils import get_auth_config
@@ -16,7 +17,6 @@
 )
 
 console = ConsoleLogger()
-client = httpx.Client(follow_redirects=True, timeout=30.0)
 
 
 class PortalService:
@@ -27,6 +27,8 @@ class PortalService:
     domain: Optional[str] = None
     selected_tenant: Optional[str] = None
 
+    _client: Optional[httpx.Client] = None
+
     _tenants_and_organizations: Optional[TenantsAndOrganizationInfoResponse] = None
 
     def __init__(
@@ -39,13 +41,32 @@ def __init__(
         self.access_token = access_token
         self.prt_id = prt_id
 
+        self._client = httpx.Client(**get_httpx_client_kwargs())
+
+    def close(self):
+        """Explicitly close the HTTP client."""
+        if self._client:
+            self._client.close()
+            self._client = None
+
+    def __enter__(self):
+        """Enter the runtime context related to this object."""
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        """Exit the runtime context and close the HTTP client."""
+        self.close()
+
     def update_token_data(self, token_data: TokenData):
         self.access_token = token_data["access_token"]
         self.prt_id = get_parsed_token_data(token_data).get("prt_id")
 
     def get_tenants_and_organizations(self) -> TenantsAndOrganizationInfoResponse:
+        if self._client is None:
+            raise RuntimeError("HTTP client is not initialized")
+
         url = f"https://{self.domain}.uipath.com/{self.prt_id}/portal_/api/filtering/leftnav/tenantsAndOrganizationInfo"
-        response = client.get(
+        response = self._client.get(
             url, headers={"Authorization": f"Bearer {self.access_token}"}
         )
         if response.status_code < 400:
@@ -72,6 +93,9 @@ def get_uipath_orchestrator_url(self) -> str:
         return f"https://{self.domain}.uipath.com/{account_name}/{self.selected_tenant}/orchestrator_"
 
     def post_refresh_token_request(self, refresh_token: str) -> TokenData:
+        if self._client is None:
+            raise RuntimeError("HTTP client is not initialized")
+
         url = f"https://{self.domain}.uipath.com/identity_/connect/token"
         client_id = get_auth_config().get("client_id")
 
@@ -83,7 +107,7 @@ def post_refresh_token_request(self, refresh_token: str) -> TokenData:
 
         headers = {"Content-Type": "application/x-www-form-urlencoded"}
 
-        response = client.post(url, data=data, headers=headers)
+        response = self._client.post(url, data=data, headers=headers)
         if response.status_code < 400:
             return response.json()
         elif response.status_code == 401:
@@ -137,6 +161,9 @@ def ensure_valid_token(self):
         update_env_file(updated_env_contents)
 
     def post_auth(self, base_url: str) -> None:
+        if self._client is None:
+            raise RuntimeError("HTTP client is not initialized")
+
         or_base_url = (
             f"{base_url}/orchestrator_"
             if base_url
@@ -148,7 +175,7 @@ def post_auth(self, base_url: str) -> None:
 
         try:
             [try_enable_first_run_response, acquire_license_response] = [
-                client.post(
+                self._client.post(
                     url,
                     headers={"Authorization": f"Bearer {self.access_token}"},
                 )