Skip to content

Commit ae8e288

Browse files
BinoyOza-oktaBinoyOza-okta
authored
fix: Handle unknown Application signOnMode values gracefully (#511)
* feat: Handle unknown signOnMode values gracefully in Application models Implement custom ApplicationJsonConverter to handle unknown, null, and future signOnMode values without breaking SDK functionality. This enables forward compatibility when Okta introduces new application types. Key changes: - Add ApplicationJsonConverter for polymorphic Application deserialization - Route null signOnMode to ActiveDirectoryApplication - Preserve unknown signOnMode values for round-trip fidelity - Make sign_on_mode Optional to support null values - Store original unknown values in _original_sign_on_mode attribute - Use model_validate() to avoid recursion in from_dict() - Use model_dump(mode='json') for proper enum serialization The converter is only required in the base Application class as: 1. Unknown modes are architecturally impossible in subclasses 2. ApiClient.sanitize_for_serialization() handles enum conversion 3. Subclasses can only have known enum values (enforced by Pydantic) This implementation matches the .NET SDK approach where unknown modes are handled gracefully without spec changes. Fixes: Unknown signOnMode values causing ValidationError * - Removed MFA_AS_SERVICE sign on mode as we have added the support for handling unknown signOnModes. - Updated application_json_converter.mustache for flake8 issues.
1 parent 1218542 commit ae8e288

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

45 files changed

+1273
-173
lines changed

docs/ActiveDirectoryApplication.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# ActiveDirectoryApplication
2+
3+
Active Directory application for directory integrations. This application type has a null signOnMode.
4+
5+
## Properties
6+
7+
Name | Type | Description | Notes
8+
------------ | ------------- | ------------- | -------------
9+
**name** | **str** | Unique key for the Active Directory app definition. Always 'active_directory' for AD apps. | [optional] [readonly]
10+
**settings** | [**ActiveDirectoryApplicationSettings**](ActiveDirectoryApplicationSettings.md) | | [optional]
11+
12+
## Example
13+
14+
```python
15+
from okta.models.active_directory_application import ActiveDirectoryApplication
16+
17+
# TODO update the JSON string below
18+
json = "{}"
19+
# create an instance of ActiveDirectoryApplication from a JSON string
20+
active_directory_application_instance = ActiveDirectoryApplication.from_json(json)
21+
# print the JSON string representation of the object
22+
print(ActiveDirectoryApplication.to_json())
23+
24+
# convert the object into a dict
25+
active_directory_application_dict = active_directory_application_instance.to_dict()
26+
# create an instance of ActiveDirectoryApplication from a dict
27+
active_directory_application_from_dict = ActiveDirectoryApplication.from_dict(active_directory_application_dict)
28+
```
29+
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
30+
31+

docs/ActiveDirectoryApplicationSettings.md

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
# ActiveDirectoryApplicationSettings
2+
3+
Settings for Active Directory applications
4+
5+
## Properties
6+
7+
Name | Type | Description | Notes
8+
------------ | ------------- | ------------- | -------------
9+
**em_opt_in_status** | **str** | The entitlement management opt-in status for the app | [optional] [readonly]
10+
**identity_store_id** | **str** | Identifies an additional identity store app, if your app supports it. The `identityStoreId` value must be a valid identity store app ID. This identity store app must be created in the same org as your app. | [optional]
11+
**implicit_assignment** | **bool** | Controls whether Okta automatically assigns users to the app based on the user's role or group membership. | [optional]
12+
**inline_hook_id** | **str** | Identifier of an inline hook. Inline hooks are outbound calls from Okta to your own custom code, triggered at specific points in Okta process flows. They allow you to integrate custom functionality into those flows. See [Inline hooks](/openapi/okta-management/management/tag/InlineHook/). | [optional]
13+
**notes** | [**ApplicationSettingsNotes**](ApplicationSettingsNotes.md) | | [optional]
14+
**notifications** | [**ApplicationSettingsNotifications**](ApplicationSettingsNotifications.md) | | [optional]
15+
**app** | [**ActiveDirectoryApplicationSettingsApplication**](ActiveDirectoryApplicationSettingsApplication.md) | | [optional]
16+
17+
## Example
18+
19+
```python
20+
from okta.models.active_directory_application_settings import ActiveDirectoryApplicationSettings
21+
22+
# TODO update the JSON string below
23+
json = "{}"
24+
# create an instance of ActiveDirectoryApplicationSettings from a JSON string
25+
active_directory_application_settings_instance = ActiveDirectoryApplicationSettings.from_json(json)
26+
# print the JSON string representation of the object
27+
print(ActiveDirectoryApplicationSettings.to_json())
28+
29+
# convert the object into a dict
30+
active_directory_application_settings_dict = active_directory_application_settings_instance.to_dict()
31+
# create an instance of ActiveDirectoryApplicationSettings from a dict
32+
active_directory_application_settings_from_dict = ActiveDirectoryApplicationSettings.from_dict(active_directory_application_settings_dict)
33+
```
34+
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
35+
36+

docs/ActiveDirectoryApplicationSettingsApplication.md

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
# ActiveDirectoryApplicationSettingsApplication
2+
3+
App-specific settings for Active Directory applications
4+
5+
## Properties
6+
7+
Name | Type | Description | Notes
8+
------------ | ------------- | ------------- | -------------
9+
**activation_email** | **str** | Email address to send activation emails | [optional]
10+
**filter_groups_by_ou** | **bool** | Whether to filter groups by organizational unit | [optional]
11+
**jit_groups_across_domains** | **bool** | Whether to enable just-in-time provisioning of groups across domains | [optional]
12+
**login** | **str** | Login username for AD connection | [optional]
13+
**naming_context** | **str** | The AD domain naming context (e.g., 'corp.local') | [optional]
14+
**password** | **str** | Password for AD connection | [optional]
15+
**scan_rate** | **int** | Rate at which to scan the AD directory | [optional]
16+
**search_org_unit** | **str** | Organizational unit to search within | [optional]
17+
18+
## Example
19+
20+
```python
21+
from okta.models.active_directory_application_settings_application import ActiveDirectoryApplicationSettingsApplication
22+
23+
# TODO update the JSON string below
24+
json = "{}"
25+
# create an instance of ActiveDirectoryApplicationSettingsApplication from a JSON string
26+
active_directory_application_settings_application_instance = ActiveDirectoryApplicationSettingsApplication.from_json(json)
27+
# print the JSON string representation of the object
28+
print(ActiveDirectoryApplicationSettingsApplication.to_json())
29+
30+
# convert the object into a dict
31+
active_directory_application_settings_application_dict = active_directory_application_settings_application_instance.to_dict()
32+
# create an instance of ActiveDirectoryApplicationSettingsApplication from a dict
33+
active_directory_application_settings_application_from_dict = ActiveDirectoryApplicationSettingsApplication.from_dict(active_directory_application_settings_application_dict)
34+
```
35+
[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
36+
37+

docs/Application.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ Name | Type | Description | Notes
1515
**licensing** | [**ApplicationLicensing**](ApplicationLicensing.md) | | [optional]
1616
**orn** | **str** | The Okta resource name (ORN) for the current app instance | [optional] [readonly]
1717
**profile** | **Dict[str, object]** | Contains any valid JSON schema for specifying properties that can be referenced from a request (only available to OAuth 2.0 client apps). For example, add an app manager contact email address or define an allowlist of groups that you can then reference using the Okta Expression Language `getFilteredGroups` function. > **Notes:** > * `profile` isn't encrypted, so don't store sensitive data in it. > * `profile` doesn't limit the level of nesting in the JSON schema you created, but there is a practical size limit. Okta recommends a JSON schema size of 1 MB or less for best performance. | [optional]
18-
**sign_on_mode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) | |
18+
**sign_on_mode** | [**ApplicationSignOnMode**](ApplicationSignOnMode.md) | | [optional]
1919
**status** | [**ApplicationLifecycleStatus**](ApplicationLifecycleStatus.md) | | [optional]
2020
**universal_logout** | [**ApplicationUniversalLogout**](ApplicationUniversalLogout.md) | | [optional]
2121
**visibility** | [**ApplicationVisibility**](ApplicationVisibility.md) | | [optional]

docs/ApplicationSignOnMode.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
# ApplicationSignOnMode
22

3-
Authentication mode for the app | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile | | MFA_AS_SERVICE | Application to use Okta's MFA as a service for RDP | Select the `signOnMode` for your custom app:
3+
Authentication mode for the app | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile | Select the `signOnMode` for your custom app:
44

55
## Properties
66

okta/__init__.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -191,6 +191,9 @@
191191
"ActionProviderPayloadType": "okta.models.action_provider_payload_type",
192192
"ActionProviderType": "okta.models.action_provider_type",
193193
"Actions": "okta.models.actions",
194+
"ActiveDirectoryApplication": "okta.models.active_directory_application",
195+
"ActiveDirectoryApplicationSettings": "okta.models.active_directory_application_settings",
196+
"ActiveDirectoryApplicationSettingsApplication": "okta.models.active_directory_application_settings_application",
194197
"ActiveDirectoryGroupScope": "okta.models.active_directory_group_scope",
195198
"ActiveDirectoryGroupType": "okta.models.active_directory_group_type",
196199
"AddGroupRequest": "okta.models.add_group_request",

okta/models/__init__.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@
3636
'AppConfigActiveDirectory',
3737
],
3838
'application': [
39+
'ActiveDirectoryApplication',
3940
'Application',
4041
'AutoLoginApplication',
4142
'BasicAuthApplication',
@@ -391,6 +392,9 @@
391392
"ActionProviderPayloadType": "okta.models.action_provider_payload_type",
392393
"ActionProviderType": "okta.models.action_provider_type",
393394
"Actions": "okta.models.actions",
395+
"ActiveDirectoryApplication": "okta.models.active_directory_application",
396+
"ActiveDirectoryApplicationSettings": "okta.models.active_directory_application_settings",
397+
"ActiveDirectoryApplicationSettingsApplication": "okta.models.active_directory_application_settings_application",
394398
"ActiveDirectoryGroupScope": "okta.models.active_directory_group_scope",
395399
"ActiveDirectoryGroupType": "okta.models.active_directory_group_type",
396400
"AddGroupRequest": "okta.models.add_group_request",

okta/models/action_provider.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ class ActionProvider(BaseModel):
6868
@classmethod
6969
def get_discriminator_value(cls, obj: Dict[str, Any]) -> Optional[str]:
7070
"""Returns the discriminator value (object type) of the data"""
71-
discriminator_value = obj[cls.__discriminator_property_name]
71+
discriminator_value = obj.get(cls.__discriminator_property_name)
7272
if discriminator_value:
7373
return cls.__discriminator_value_class_map.get(discriminator_value)
7474
else:

0 commit comments

Comments
 (0)