From e7caf4a0d20edf7effa4bd8c4cda56354c9a1ea7 Mon Sep 17 00:00:00 2001
From: Matt Raible <matt.raible@crowdstrike.com>
Date: Tue, 3 Feb 2026 14:06:26 -0700
Subject: [PATCH] Fix 6 OpenAPI spec validation errors

The spec fails validation with Redocly CLI due to structural issues:

1. OAuth2ClientJsonSigningKeyRequest: `discriminator` and `required` were
   incorrectly nested inside `properties` instead of at the schema level

2. EnhancedDynamicNetworkZone: `include` and `exclude` properties used
   array syntax (`- $ref:`) instead of direct reference syntax (`$ref:`)

3. OAuth2ClientJsonWebKeyECRequest: typo `nullabe` corrected to `nullable`

Validation command: `npx @redocly/cli lint api.yaml`

Before: 6 errors, 1218 warnings
After: 0 errors, 1199 warnings

Fixes #1672
---
 src/swagger/api.yaml | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/swagger/api.yaml b/src/swagger/api.yaml
index 86d3ad01250..d88e5c8b7f1 100644
--- a/src/swagger/api.yaml
+++ b/src/swagger/api.yaml
@@ -64850,9 +64850,9 @@ components:
               description: The list of geolocations to include or exclude for an Enhanced Dynamic Network Zone
               properties:
                 include:
-                    - $ref: '#/components/schemas/NetworkZoneLocationArray'
+                  $ref: '#/components/schemas/NetworkZoneLocationArray'
                 exclude:
-                    - $ref: '#/components/schemas/NetworkZoneLocationArray'
+                  $ref: '#/components/schemas/NetworkZoneLocationArray'
             ipServiceCategories:
               x-okta-lifecycle:
                 lifecycle: GA
@@ -70187,15 +70187,15 @@ components:
           nullable: false
           enum:
             - sig
-        discriminator:
-          propertyName: kty
-          mapping:
-            RSA: '#/components/schemas/OAuth2ClientJsonWebKeyRsaRequest'
-            EC: '#/components/schemas/OAuth2ClientJsonWebKeyECRequest'
-        required:
-          - kty
-          - alg
-          - use
+      discriminator:
+        propertyName: kty
+        mapping:
+          RSA: '#/components/schemas/OAuth2ClientJsonWebKeyRsaRequest'
+          EC: '#/components/schemas/OAuth2ClientJsonWebKeyECRequest'
+      required:
+        - kty
+        - alg
+        - use
     OAuth2ClientJsonSigningKeyResponse:
       title: Signing Key
       description: A [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) is a JSON representation of a cryptographic key. Okta uses signing keys to verify the signature of a JWT when provided for the `private_key_jwt` client authentication method or for a signed authorize request object. Okta supports both RSA and Elliptic Curve (EC) keys for signing tokens.
@@ -70287,7 +70287,7 @@ components:
         y:
           type: string
           description: The public y coordinate for the elliptic curve point
-          nullabe: false
+          nullable: false
         crv:
           type: string
           description: The cryptographic curve used with the key