refactor: client credentials logic

radugheo · radugheo · commit fab778be2f19 · 2025-09-29T16:36:58.000+03:00
diff --git a/samples/asset-modifier-agent/.env.example b/samples/asset-modifier-agent/.env.example
@@ -0,0 +1 @@
+UIPATH_CLIENT_SECRET=
diff --git a/samples/asset-modifier-agent/README.md b/samples/asset-modifier-agent/README.md
@@ -0,0 +1,44 @@
+# UiPath Coded Agent: Asset Value Checker
+
+This project demonstrates how to create a Python-based UiPath Coded Agent that connects as an External Application to UiPath Orchestrator, retrieves an asset, and validates its IntValue against custom rules.
+
+## Overview
+
+The agent uses the UiPath Python SDK to:
+
+* Connect to UiPath Orchestrator as an external application
+* Authenticate via the Client Credentials flow (Client ID + Client Secret)
+* Retrieve a specific asset from a given folder
+* Check whether the asset has an integer value and validate it against a range (100–1000)
+* Return a descriptive message with the validation result
+
+## How to Set Up
+
+### Step 1: Install UiPath Python SDK
+
+1. Open it with your prefered editor
+2. In terminal run:
+```bash
+uv init
+uv add uipath
+uv run uipath init
+```
+
+### Step 2: Configure Environment Variables
+```bash
+UIPATH_CLIENT_SECRET=your-client-secret
+```
+
+### Step 3: Understanding the Event Flow
+
+When this agent runs, it will:
+1. Pass the configured input values (`asset_name` and `folder_path`) into the agent
+2. Connect to Orchestrator using Client Credentials (Client ID + Client Secret)
+3. Retrieve the specified asset from the given folder
+4. Check whether the asset contains an IntValue and validates it against the allowed range (100–1000)
+5. Return a message with the validation result
+
+### Step 4: Publish Your Coded Agent
+
+1. Use `uipath pack` and `uipath publish` to create and publish the package
+2. Create an Orchestrator Automation from the published process
diff --git a/samples/asset-modifier-agent/main.py b/samples/asset-modifier-agent/main.py
@@ -0,0 +1,85 @@
+import dataclasses
+import dotenv
+import logging
+import os
+
+from typing import Optional
+from uipath import UiPath
+from uipath.tracing import traced
+
+dotenv.load_dotenv()
+logger = logging.getLogger(__name__)
+
+UIPATH_CLIENT_ID = "client_id"
+UIPATH_CLIENT_SECRET = os.getenv("UIPATH_CLIENT_SECRET")
+UIPATH_SCOPE = "OR.Assets"
+UIPATH_URL = "base_url"
+
+uipath = UiPath(
+    client_id=UIPATH_CLIENT_ID,
+    client_secret=UIPATH_CLIENT_SECRET,
+    scope=UIPATH_SCOPE,
+    base_url=UIPATH_URL
+)
+
+@dataclasses.dataclass
+class AgentInput:
+    """Input data structure for the UiPath agent.
+
+    Attributes:
+        asset_name (str): The name of the UiPath asset.
+        folder_path (str): The folder path where the asset is located.
+    """
+    asset_name: str
+    folder_path: str
+
+def get_asset(name: str, folder_path: str) -> Optional[object]:
+    """Retrieve an asset from UiPath.
+
+    Args:
+        name (str): The asset name.
+        folder_path (str): The UiPath folder path.
+
+    Returns:
+        Optional[object]: The asset object if found, else None.
+    """
+    return uipath.assets.retrieve(name=name, folder_path=folder_path)
+
+def check_asset(asset: object) -> str:
+    """Check if an asset's IntValue is within a valid range.
+
+    Args:
+        asset (object): The asset object.
+
+    Returns:
+        str: Result message depending on asset state.
+    """
+    if asset is None:
+        return "Asset not found."
+
+    int_value = getattr(asset, "int_value", None)
+    if int_value is None:
+        return "Asset does not have an IntValue."
+
+    if 100 <= int_value <= 1000:
+        return f"Asset '{asset.name}' has a valid IntValue: {int_value}"
+    else:
+        return f"Asset '{asset.name}' has an out-of-range IntValue: {int_value}"
+
+@traced()
+def main(input: AgentInput) -> str:
+    """Main entry point for the agent.
+
+    Args:
+        input (AgentInput): The input containing asset details.
+
+    Returns:
+        str: Message with the result of the asset check.
+    """
+    asset = get_asset(input.asset_name, input.folder_path)
+    return check_asset(asset)
+
+if __name__ == "__main__":
+    input_data = AgentInput(asset_name="test-asset", folder_path="TestFolder")
+    result = main(input_data)
+    print(result)
diff --git a/samples/asset-modifier-agent/pyproject.toml b/samples/asset-modifier-agent/pyproject.toml
@@ -0,0 +1,9 @@
+[project]
+name = "asset-checker-agent"
+version = "0.0.1"
+description = "UiPath agent to validate asset values via External Application integration with Orchestrator."
+authors = [{ name = "John Doe", email = "john.doe@myemail.com" }]
+dependencies = [
+    "uipath>=2.1.45",
+]
+requires-python = ">=3.10"
diff --git a/src/uipath/_cli/_auth/_auth_service.py b/src/uipath/_cli/_auth/_auth_service.py
@@ -7,16 +7,17 @@
 from urllib.parse import urlparse
 
 from uipath._cli._auth._auth_server import HTTPServer
-from uipath._cli._auth._client_credentials import ClientCredentialsService
 from uipath._cli._auth._oidc_utils import OidcUtils
 from uipath._cli._auth._portal_service import (
     PortalService,
     get_tenant_id,
     select_tenant,
 )
 from uipath._cli._auth._url_utils import set_force_flag
-from uipath._cli._auth._utils import update_auth_file, update_env_file
+from uipath._cli._auth._utils import update_auth_file
 from uipath._cli._utils._console import ConsoleLogger
+from uipath._services import ExternalApplicationService
+from uipath._utils._auth import parse_access_token, update_env_file
 
 
 class AuthService:
@@ -63,18 +64,22 @@ def authenticate(self) -> None:
         self._authenticate_authorization_code()
 
     def _authenticate_client_credentials(self) -> None:
-        if not self._base_url:
-            self._console.error(
-                "--base-url is required when using client credentials authentication."
-            )
-            return
         self._console.hint("Using client credentials authentication.")
-        credentials_service = ClientCredentialsService(self._base_url)
-        credentials_service.authenticate(
+        external_app_service = ExternalApplicationService(self._base_url)
+        access_token = external_app_service.get_access_token(
             self._client_id,  # type: ignore
             self._client_secret,  # type: ignore
             self._scope,
         )
+        parsed_access_token = parse_access_token(access_token)
+
+        env_vars = {
+            "UIPATH_ACCESS_TOKEN": access_token,
+            "UIPATH_URL": external_app_service._base_url,
+            "UIPATH_ORGANIZATION_ID": parsed_access_token.get("prt_id", ""),
+        }
+
+        update_env_file(env_vars)
 
     def _authenticate_authorization_code(self) -> None:
         with PortalService(self._domain) as portal_service:
diff --git a/src/uipath/_cli/_auth/_portal_service.py b/src/uipath/_cli/_auth/_portal_service.py
@@ -5,6 +5,7 @@
 import click
 import httpx
 
+from ..._utils._auth import update_env_file
 from ..._utils._ssl_context import get_httpx_client_kwargs
 from .._utils._console import ConsoleLogger
 from ._models import TenantsAndOrganizationInfoResponse, TokenData
@@ -14,7 +15,6 @@
     get_auth_data,
     get_parsed_token_data,
     update_auth_file,
-    update_env_file,
 )
 
 console = ConsoleLogger()
diff --git a/src/uipath/_cli/_auth/_utils.py b/src/uipath/_cli/_auth/_utils.py
@@ -1,9 +1,9 @@
-import base64
 import json
 import os
 from pathlib import Path
 from typing import Optional
 
+from ..._utils._auth import parse_access_token
 from ._models import AccessTokenData, TokenData
 
 
@@ -21,31 +21,7 @@ def get_auth_data() -> TokenData:
     return json.load(open(auth_file))
 
 
-def parse_access_token(access_token: str) -> AccessTokenData:
-    token_parts = access_token.split(".")
-    if len(token_parts) < 2:
-        raise Exception("Invalid access token")
-    payload = base64.urlsafe_b64decode(
-        token_parts[1] + "=" * (-len(token_parts[1]) % 4)
-    )
-    return json.loads(payload)
-
-
 def get_parsed_token_data(token_data: Optional[TokenData] = None) -> AccessTokenData:
     if not token_data:
         token_data = get_auth_data()
     return parse_access_token(token_data["access_token"])
-
-
-def update_env_file(env_contents):
-    env_path = Path.cwd() / ".env"
-    if env_path.exists():
-        with open(env_path, "r") as f:
-            for line in f:
-                if "=" in line:
-                    key, value = line.strip().split("=", 1)
-                    if key not in env_contents:
-                        env_contents[key] = value
-    lines = [f"{key}={value}\n" for key, value in env_contents.items()]
-    with open(env_path, "w") as f:
-        f.writelines(lines)
diff --git a/src/uipath/_services/__init__.py b/src/uipath/_services/__init__.py
@@ -6,6 +6,7 @@
 from .connections_service import ConnectionsService
 from .context_grounding_service import ContextGroundingService
 from .entities_service import EntitiesService
+from .external_application_service import ExternalApplicationService
 from .folder_service import FolderService
 from .jobs_service import JobsService
 from .llm_gateway_service import UiPathLlmChatService, UiPathOpenAIService
@@ -27,4 +28,5 @@
     "UiPathLlmChatService",
     "FolderService",
     "EntitiesService",
+    "ExternalApplicationService",
 ]
diff --git a/src/uipath/_services/external_application_service.py b/src/uipath/_services/external_application_service.py
diff --git a/src/uipath/_uipath.py b/src/uipath/_uipath.py
diff --git a/src/uipath/_utils/_auth.py b/src/uipath/_utils/_auth.py
diff --git a/tests/sdk/services/test_external_application_service.py b/tests/sdk/services/test_external_application_service.py
