It also has an additional example that raises the question about auth where a url request may be intercepted and redirected to a login page. The example here uses a preload script to show the provider window if it believes the window has been redirected to a login page and to hide it once more once login is complete. An alternative approach may be to set autoShow to true in the config and have your bootstrap set it to hidden when it runs. This may however result in a brief flash of UI as the window loads and then is hidden.
You are running OpenFin Runtime version: