fix: bump uipath-langchain-client to 1.13.1 for rt_ token support#898
Open
cosminacho wants to merge 2 commits into
Open
fix: bump uipath-langchain-client to 1.13.1 for rt_ token support#898cosminacho wants to merge 2 commits into
cosminacho wants to merge 2 commits into
Conversation
Bump the `uipath-langchain-client` dependency (and the transitive `uipath-llm-client`) from 1.13.0 to 1.13.1 across all extras. 1.13.1 fixes authentication with opaque UiPath reference tokens (prefixed `rt_`). Previously `PlatformSettings` validation decoded every access token as a JWT to check expiry and extract the `client_id`, which raised `ValueError` for non-JWT `rt_` tokens — so agents authenticating with a reference token could not construct a chat model. 1.13.1 parses JWT claims best-effort and falls back gracefully for opaque tokens. Add `tests/chat/test_rt_token_auth.py` pinning this behaviour: an `rt_` reference token passes validation and is sent verbatim as the Bearer credential, while JWT parsing (claim extraction and expiry rejection) stays unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the project’s LangChain client dependency to a version that supports UiPath opaque reference tokens (rt_…) in PlatformSettings, and adds regression tests to ensure both reference-token and JWT behaviors remain correct.
Changes:
- Bump
uipath-langchain-client(and transitiveuipath-llm-client) from1.13.0to1.13.1acrosspyproject.tomlanduv.lock. - Add a new chat test module validating
rt_bearer auth behavior and preserving existing JWT validation semantics.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| uv.lock | Updates locked dependency versions/hashes for uipath-langchain-client and uipath-llm-client to 1.13.1. |
| pyproject.toml | Bumps uipath-langchain-client[...] version constraints to >=1.13.1,<1.14.0 across main deps and extras. |
| tests/chat/test_rt_token_auth.py | Adds regression tests for reference-token (rt_) validation and authorization header behavior, plus JWT guards. |
mypy runs with disallow_any_generics, so the bare `dict` annotations in the JWT helper need explicit type arguments. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
uipath-langchain-client(and transitiveuipath-llm-client) from 1.13.0 → 1.13.1 across all extras inpyproject.tomlanduv.lock.tests/chat/test_rt_token_auth.pycovering authentication with opaque UiPath reference tokens (rt_prefix) — the bug fixed in 1.13.1.Why
UiPath issues two kinds of access tokens: JWT bearer tokens, and opaque reference tokens prefixed
rt_that carry no client-readable claims.Before 1.13.1,
PlatformSettingsvalidation decoded every access token as a JWT (split on., base64-decode the payload) to check expiry and extractclient_id. Anrt_token has no dot-separated payload, so that decode raisedValueError— meaning an agent authenticating with a reference token could never construct a chat model.1.13.1 parses JWT claims best-effort (
try_parse_access_token) and falls back gracefully for opaque tokens, sort_tokens now pass validation and are used as the Bearer credential.Tests
tests/chat/test_rt_token_auth.pypins the behaviour so the dependency can't regress underneath us:rt_reference token passesPlatformSettingsvalidation (noclient_idextracted).rt_token is sent verbatim asAuthorization: Bearer rt_….client_idclaim is still extracted, and an expired JWT is still rejected.All 262 chat tests pass; ruff check + format clean.
🤖 Generated with Claude Code