fix(spec): add discriminator to IdentityProvider.protocol to fix SAML…#1695

Open
manmohan-shaw-okta wants to merge 1 commit into master from OKTA-1175444

@manmohan-shaw-okta

…/OIDC field dropping (OKTA-1175444)

The protocol field in IdentityProvider used a discriminator-less oneOf, causing the OpenAPI generator to produce a flat IdentityProviderProtocol class with wrong field types (OidcAlgorithms, IDVCredentials, IDVEndpoints, OidcSettings). On deserialization, SAML-specific fields (sso.url, trust.issuer, nameFormat, etc.) were silently dropped and OIDC-shaped endpoints were invented, corrupting IdP configurations on write-back.

  • Add IdentityProviderProtocol as a named base schema with discriminator (propertyName: type, mapping SAML2/OIDC/OAUTH2/MTLS/ID_PROOFING)
  • Convert ProtocolSaml, ProtocolOidc, ProtocolOAuth, ProtocolMtls, ProtocolIdVerification to extend the base via allOf
  • Generated code: ProtocolSaml/Oidc/etc. now extend IdentityProviderProtocol with correct protocol-specific field types; Jackson @JsonTypeInfo + @JsonSubTypes on the base class dispatches deserialization by type value
  • Add IdentityProviderProtocolDeserializerTest (14 tests) covering SAML2 endpoint/credential/settings fields, OIDC pkce_required preservation, round-trip fidelity, and absence of invented OIDC fields on SAML2 output

Co-Authored-By: Claude Code

Issue(s)

Description

Category

  • Bugfix
  • Enhancement
  • New Feature
  • Library Upgrade
  • Configuration Change
  • Versioning Change
  • Unit or Integration Test(s)
  • Documentation

Signoff

  • I have submitted a CLA for this PR
  • Each commit message explains what the commit does
  • I have updated documentation to explain what my PR does
  • My code is covered by tests if required
  • I did not edit any automatically generated files
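
Added example, not part of the PR or the Okta SDK: a small Python model of the failure the description reports, where binding a SAML2 payload to one flat OIDC-shaped class drops SAML fields and invents OIDC endpoints, beside dispatch on `type`. The shapes, payload values and function names are constructed for illustration.

```python
# Added example: a model of the failure mode, not Okta SDK code.
# Shapes and payload are constructed; None marks a leaf field.
SHAPES = {
    "SAML2": {"type": None,
              "endpoints": {"sso": {"url": None}},
              "credentials": {"trust": {"issuer": None}},
              "settings": {"nameFormat": None}},
    "OIDC": {"type": None,
             "endpoints": {"authorization": {"url": None}, "token": {"url": None}}},
}
SAML_IDP = {"type": "SAML2",
            "endpoints": {"sso": {"url": "https://idp.example.test/sso"}},
            "credentials": {"trust": {"issuer": "https://idp.example.test"}},
            "settings": {"nameFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"}}

def bind(payload, shape):
    """Bind to a typed shape: unknown keys are dropped, missing ones become None."""
    if not isinstance(shape, dict):
        return payload
    payload = payload if isinstance(payload, dict) else {}
    return {key: bind(payload.get(key), sub) for key, sub in shape.items()}

def deserialize_flat(payload):
    """Discriminator-less oneOf: every protocol lands in one OIDC-shaped class."""
    return bind(payload, SHAPES["OIDC"])

def deserialize_discriminated(payload):
    """Dispatch on the `type` value; fail closed on an unmapped type."""
    shape = SHAPES.get(payload.get("type"))
    if shape is None:
        raise ValueError(f"unknown protocol type: {payload.get('type')!r}")
    return bind(payload, shape)

def leaf_paths(obj, prefix=""):
    """Dotted paths to every leaf value in a nested dict."""
    if not isinstance(obj, dict):
        return {prefix}
    paths = set()
    for key, value in obj.items():
        paths |= leaf_paths(value, f"{prefix}.{key}" if prefix else key)
    return paths

def round_trip_diff(original, rebound):
    """Return (dropped, invented) leaf paths after a read/write-back cycle."""
    before, after = leaf_paths(original), leaf_paths(rebound)
    return sorted(before - after), sorted(after - before)

if __name__ == "__main__":
    for fn in (deserialize_flat, deserialize_discriminated):
        dropped, invented = round_trip_diff(SAML_IDP, fn(SAML_IDP))
        print(fn.__name__, "dropped:", dropped, "invented:", invented)
```

A non-empty `dropped` or `invented` list on a read-then-write cycle is the signal to stop before writing an IdP configuration back.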
