fix(auth): add setMultiLogin for login picker (#408)

* fix(auth): make acr_values optional

* fix(auth): address acr_values review feedback

* fix(auth): use setMultiLogin for login picker

* docs(auth): clarify setMultiLogin comments

* docs(auth): mark internal multi-login helper

* docs(auth): hide setMultiLogin from api docs

Author: dsuresh-ap

README.md

@@ -429,4 +429,4 @@ mkdocs serve
 
 [↑ Back to top](#uipath-typescript-sdk)
 
-</div>
+</div>

docs/authentication.md

@@ -209,4 +209,4 @@ async function testAuthentication() {
 testAuthentication();
 ```
 
-Run it: `npx ts-node test-auth.ts`
+Run it: `npx ts-node test-auth.ts`

src/core/auth/service.ts

@@ -12,6 +12,7 @@ const GUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12
 export class AuthService {
   private config: Config;
   private tokenManager: TokenManager;
+  private skipAcrValues: boolean = false;
 
   constructor(config: Config, executionContext: ExecutionContext) {
     // Only use stored OAuth context when completing an active callback (URL has ?code=).
@@ -117,6 +118,15 @@ export class AuthService {
     return this.tokenManager;
   }
 
+  /**
+   * Enables the UiPath login picker during OAuth sign-in.
+   *
+   * @internal
+   */
+  public setMultiLogin(): void {
+    this.skipAcrValues = true;
+  }
+
   /**
    * Authenticates the user based on the provided SDK configuration.
    * This method handles OAuth 2.0 authentication flow only.
@@ -344,7 +354,10 @@ export class AuthService {
       state: params.state || this.generateCodeVerifier().slice(0, 16)
     });
 
-    return `${this.config.baseUrl}/${IDENTITY_ENDPOINTS.AUTHORIZE}?${queryParams.toString()}&acr_values=${acrValues}`;
+    const authorizeUrl = `${this.config.baseUrl}/${IDENTITY_ENDPOINTS.AUTHORIZE}?${queryParams.toString()}`;
+    return this.skipAcrValues
+      ? authorizeUrl
+      : `${authorizeUrl}&acr_values=${acrValues}`;
   }
 
   /**
@@ -450,4 +463,4 @@ export class AuthService {
     url.searchParams.delete('state');
     window.history.replaceState({}, '', url.toString());
   }
-} 
+}

src/core/config/sdk-config.ts

@@ -30,4 +30,4 @@ export function hasOAuthConfig(config: { clientId?: string; redirectUri?: string
 // Type guard to check if config has secret
 export function hasSecretConfig(config: { secret?: string }): config is { secret: string } {
   return Boolean(config.secret);
-} 
+}

src/core/types.ts

@@ -22,6 +22,11 @@ export interface IUiPath {
    */
   initialize(): Promise<void>;
 
+  /**
+   * Enables the UiPath login picker during OAuth sign-in.
+   */
+  setMultiLogin(): void;
+
   /**
    * Check if the SDK has been initialized
    */

src/core/uipath.ts

@@ -47,6 +47,7 @@ export class UiPath implements IUiPath {
   #authService?: AuthService;
   #initialized: boolean = false;
   #partialConfig?: PartialUiPathConfig;
+  #multiLogin: boolean = false;
 
   /** Read-only config for user convenience */
   public readonly config!: Readonly<BaseConfig>;
@@ -85,6 +86,9 @@ export class UiPath implements IUiPath {
 
     const executionContext = new ExecutionContext();
     this.#authService = new AuthService(internalConfig, executionContext);
+    if (this.#multiLogin) {
+      this.#authService.setMultiLogin();
+    }
     this.#config = internalConfig;
 
     // Store internals in SDKInternalsRegistry (not visible on instance)
@@ -183,6 +187,16 @@ export class UiPath implements IUiPath {
     }
   }
 
+  /**
+   * Enables the UiPath login picker during OAuth sign-in.
+   *
+   * @internal
+   */
+  public setMultiLogin(): void {
+    this.#multiLogin = true;
+    this.#authService?.setMultiLogin();
+  }
+
   /**
    * Check if the SDK has been initialized
    */

tests/unit/core/auth/service.test.ts

@@ -71,6 +71,15 @@ describe('AuthService', () => {
       const parsedUrl = new URL(url);
       expect(parsedUrl.searchParams.get('acr_values')).toBe(`tenantName:${TEST_CONSTANTS.INVALID_GUID_ORG_ID}`);
     });
+
+    it('should omit acr_values when multi-login is enabled', () => {
+      const service = createService(TEST_CONSTANTS.ORGANIZATION_ID);
+      service.setMultiLogin();
+      const url = service.getAuthorizationUrl({ clientId, redirectUri, codeChallenge, scope });
+      const parsedUrl = new URL(url);
+      expect(parsedUrl.searchParams.has('acr_values')).toBe(false);
+      expect(url).not.toContain('acr_values=');
+    });
   });
 
   describe('exchangeCode', () => {

tests/unit/core/uipath.test.ts

@@ -13,6 +13,7 @@ const mockTokenManager = {
 };
 
 const mockLogout = vi.fn();
+const mockSetMultiLogin = vi.fn();
 
 vi.mock('../../../src/core/auth/service', () => {
   const AuthService: any = vi.fn().mockImplementation(() => ({
@@ -21,6 +22,7 @@ vi.mock('../../../src/core/auth/service', () => {
     getToken: () => 'mock-access-token',
     authenticateWithSecret: vi.fn(),
     authenticate: vi.fn().mockResolvedValue(true),
+    setMultiLogin: mockSetMultiLogin,
     logout: mockLogout
   }));
 
@@ -63,6 +65,30 @@ describe('UiPath Core', () => {
       expect(sdk.isInitialized()).toBe(false); // OAuth requires initialize()
     });
 
+    it('should enable multi-login on OAuth config', () => {
+      mockSetMultiLogin.mockClear();
+      const sdk = new UiPath({
+        baseUrl: TEST_CONSTANTS.BASE_URL,
+        orgName: TEST_CONSTANTS.ORGANIZATION_ID,
+        tenantName: TEST_CONSTANTS.TENANT_ID,
+        clientId: TEST_CONSTANTS.CLIENT_ID,
+        redirectUri: 'http://localhost:3000/callback',
+        scope: 'offline_access'
+      });
+
+      sdk.setMultiLogin();
+
+      expect(mockSetMultiLogin).toHaveBeenCalledOnce();
+    });
+
+    it('should allow multi-login before config is loaded', () => {
+      mockSetMultiLogin.mockClear();
+      const sdk = new UiPath();
+
+      expect(() => sdk.setMultiLogin()).not.toThrow();
+      expect(mockSetMultiLogin).not.toHaveBeenCalled();
+    });
+
     it('should validate required config fields', async () => {
       const sdk = new UiPath({
         baseUrl: '',