Accept nil values for attribiutes defined as required and read-only.#161
Merged
q-uint merged 1 commit intoelimity-com:masterfrom Mar 24, 2026
Merged
Accept nil values for attribiutes defined as required and read-only.#161q-uint merged 1 commit intoelimity-com:masterfrom
q-uint merged 1 commit intoelimity-com:masterfrom
Conversation
This is particularly relevant for the id attribute, which is typically defined as required and read-only. It is assigned by the IdP, and required to be returned. It should not be required to be specified on POST/PUT/PATCH.
q-uint
approved these changes
Mar 24, 2026
Collaborator
q-uint
left a comment
q-uint
left a comment
There was a problem hiding this comment.
LGTM. This aligns with the RFC:
- RFC 7643 Section 3.1:
idisrequiredandreadOnly, meaning the service provider assigns it, not the client. - RFC 7644 Section 3.3: attributes with
mutability: readOnly"SHALL be ignored" by the server in POST/PUT requests.
Arequired + readOnlyattribute is required in the response (server must populate it), not in the request. The current code rejects the request before it ever reaches the readOnly check. This fix correctly reorders that logic.
No concern about weakening outgoing validation either: Schema.Validate is only called on incoming POST/PUT requests (see comment in schema.go).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is particularly relevant for the id attribute, which is typically defined as required and read-only. It is assigned by the IdP, and required to be returned. It should not be required to be specified on POST/PUT/PATCH.