fix: handle nullable discriminator fields in JWKS models#514
fix: handle nullable discriminator fields in JWKS models#514BinoyOza-okta merged 4 commits intomasterfrom
Conversation
Fixes deserialization failures when Okta API returns null values for discriminator fields in JWKS (JSON Web Key) responses. Changes: - Updated OpenAPI spec to mark JWKS fields as nullable (created, lastUpdated, kty, alg, use, e, n) - Added null discriminator handling in model_generic.mustache template - Updated documentation to reflect nullable fields All changes are template-based to survive SDK regeneration. Resolves customer-reported issues where list_applications() failed with "ValueError: Failed to lookup data type from the field `use`" when JWKS keys contained null values.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
aniket-okta
left a comment
aniket-okta
left a comment
There was a problem hiding this comment.
Checked out branch 1127600, ran 16/16 tests (9 unit + 7 integration) against the preview org. Three critical bugs confirmed — each with a failing test proving it. Fixes applied locally, all tests pass.
- Added e, n fields to OAuth2ClientJsonWebKeyRsaResponse __properties and from_dict() - Added x, y, crv fields to OAuth2ClientJsonWebKeyECResponse __properties and from_dict() - Marked crv as optional (nullable) per API specification (x, y remain required) - Added null preservation for e, n, crv in to_dict() methods This ensures RSA and EC JWKS keys properly serialize/deserialize all subclass-specific fields.
…was not necessary with respect to the scope of current requirements.
aniket-okta
left a comment
aniket-okta
left a comment
There was a problem hiding this comment.
Review pass 2 — branch re-tested at 0733553e after the two new commits.
Ran 29/29 unit tests (RSA, EC, discriminator, round-trip) + live-org integration against all 18 apps. All RSA e/n fields now correctly populated; EC x/y/crv round-trip clean. Two items remain open — see inline comments.
aniket-okta
left a comment
aniket-okta
left a comment
There was a problem hiding this comment.
✅ Approved — verified at 35a3da45.
29/29 unit tests pass, live-org integration clean across all 18 apps. RSA e/n and EC x/y/crv correctly serialized. kty correctly back to required per API spec.
One follow-up: please commit the test files (test_jwks_models_comprehensive.py, test_model_contradictions.py) into tests/ so they run in CI.
2 participants
Fix: Handle Nullable Discriminator Fields in JWKS Models
Summary
This PR fixes JWKS (JSON Web Key) deserialization failures when the Okta API returns null values for fields that were incorrectly marked as required in the OpenAPI specification. The fix is template-based to ensure it persists through SDK regeneration.
Problem
Customers reported that
list_applications()would fail with:This occurred when JWKS keys in application credentials contained null values for fields like
use,kid, orkty, which are common in real Okta API responses.Solution
Template Changes (Permanent)
openapi/templates/model_generic.mustachefrom_dict()methodopenapi/api.yamlnullable: true:created,lastUpdated,kty,alg,use,e,nrequiredlistsOther Changes
[nullable]tagsFiles Changed
Templates (Permanent):
openapi/templates/model_generic.mustacheopenapi/api.yamlGenerated Models (Auto-regenerated):
okta/models/Documentation:
docs/OAuth2ClientJsonSigningKeyResponse.mddocs/OAuth2ClientJsonWebKeyRsaResponse.mdBackward Compatibility
✅ 100% backward compatible
Usage Example
Before (Broken):
After (Fixed):