Skip to content

Commit 640d9c1

Browse files
radu-mocanuradu-mocanu
committed
docs: document client credentials authentication flow (#422)
1 parent 97fb1a4 commit 640d9c1

1 file changed

Lines changed: 31 additions & 0 deletions

File tree

packages/uipath/docs/cli/index.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,37 @@ Select tenant number: 0
3232
Selected tenant: Tenant1
3333
✓ Authentication successful.
3434
```
35+
36+
/// info | Unattended Authentication (Client Credentials)
37+
38+
For CI/CD pipelines and other non-interactive contexts, authenticate with the OAuth client credentials flow by passing all three of `--client-id`, `--client-secret`, and `--base-url`. The CLI exchanges them for an access token and writes it to the same on-disk session used by interactive logins, so subsequent commands like `uipath publish` and `uipath invoke` work without further setup.
39+
40+
The `--base-url` must point at the tenant scope (`https://<host>/<organization>/<tenant>`). The optional `--scope` flag controls the OAuth scopes requested — defaults to `OR.Execution`, which is what `uipath publish` needs. Pass a space-separated list (for example `"OR.Execution OR.Queues"`) when you need additional scopes.
41+
42+
**Setup:**
43+
44+
1. In the Automation Cloud **Admin** page, open **External Applications** and create one of type *Confidential*. Grant it the Orchestrator scopes you need (for example `OR.Execution`). See the [External Applications guide](https://docs.uipath.com/automation-cloud/automation-cloud/latest/admin-guide/managing-external-applications) for details.
45+
2. Copy the generated **App ID** and **App Secret** — these become `--client-id` and `--client-secret`.
46+
47+
**Example:**
48+
49+
<!-- termynal -->
50+
```shell
51+
> uipath auth --client-id 12345678-c4c5-4f1f-93ff-4f5ab47d57ea \
52+
--client-secret 'your-secret' \
53+
--base-url https://cloud.uipath.com/your-org/your-tenant
54+
✓ Authentication successful.
55+
> uipath publish --tenant
56+
```
57+
58+
/// warning
59+
Treat `--client-secret` as a credential. In CI, prefer reading it from a secret store and passing it on the command line, rather than committing it to source control or leaving it in shell history.
60+
///
61+
62+
**Configuring the same flow in code:** if you would rather skip the CLI session and pass credentials directly to the SDK, the [`asset-modifier-agent` sample](https://github.com/UiPath/uipath-python/tree/main/packages/uipath/samples/asset-modifier-agent) shows how to construct a `UiPath` client with `client_id`, `client_secret`, `scope`, and `base_url` from environment variables.
63+
64+
///
65+
3566
---
3667

3768
::: mkdocs-click

0 commit comments

Comments
 (0)