fix: make grant_types optional in OpenIdConnectApplicationSettingsClient

alexander-vyh · alexander-vyh · commit d6a5fe0290f8 · 2026-02-27T16:01:48.000-08:00
The Okta API does not always return grant_types in OIDC app responses, but the OpenAPI spec marks it as required, causing UnmarshalJSON to fail with "no value given for required property grant_types". Applies the same fix pattern introduced in okta#559 (buttonField, allowMultipleAcsEndpoints) to a field that PR did not cover. Verified against a real Okta org: zero unmarshal errors across all apps after this change.
diff --git a/okta/model_open_id_connect_application_settings_client.go b/okta/model_open_id_connect_application_settings_client.go
@@ -25,7 +25,6 @@ package okta
 
 import (
 	"encoding/json"
-	"fmt"
 )
 
 // checks if the OpenIdConnectApplicationSettingsClient type satisfies the MappedNullable interface at compile time
@@ -51,7 +50,7 @@ type OpenIdConnectApplicationSettingsClient struct {
 	FrontchannelLogoutSessionRequired *bool `json:"frontchannel_logout_session_required,omitempty"`
 	// <x-lifecycle-container><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></x-lifecycle-container>URL where Okta sends the logout request
 	FrontchannelLogoutUri *string  `json:"frontchannel_logout_uri,omitempty"`
-	GrantTypes            []string `json:"grant_types"`
+	GrantTypes            []string `json:"grant_types,omitempty"`
 	// <x-lifecycle-container><x-lifecycle class=\"ea\"></x-lifecycle></x-lifecycle-container>JWE alg algorithm for encrypting the ID token issued to this client. If this is requested, the response is signed, and then encrypted with the result being a nested JWT. The default, if omitted, is that no encryption is performed. See the [Application Public Keys API](/openapi/okta-management/management/tag/ApplicationSSOPublicKeys/) for more information on encryption keys. See [Key management](https://developer.okta.com/docs/guides/key-management/main/) for more information on how encryption keys are used.
 	IdTokenEncryptedResponseAlg *string                                    `json:"id_token_encrypted_response_alg,omitempty"`
 	IdpInitiatedLogin           *OpenIdConnectApplicationIdpInitiatedLogin `json:"idp_initiated_login,omitempty"`
@@ -95,13 +94,12 @@ type _OpenIdConnectApplicationSettingsClient OpenIdConnectApplicationSettingsCli
 // This constructor will assign default values to properties that have it defined,
 // and makes sure properties required by API are set, but the set of arguments
 // will change when the set of required properties is changed
-func NewOpenIdConnectApplicationSettingsClient(grantTypes []string) *OpenIdConnectApplicationSettingsClient {
+func NewOpenIdConnectApplicationSettingsClient() *OpenIdConnectApplicationSettingsClient {
 	this := OpenIdConnectApplicationSettingsClient{}
 	var consentMethod string = "TRUSTED"
 	this.ConsentMethod = &consentMethod
 	var dpopBoundAccessTokens bool = false
 	this.DpopBoundAccessTokens = &dpopBoundAccessTokens
-	this.GrantTypes = grantTypes
 	return &this
 }
 
@@ -405,20 +403,19 @@ func (o *OpenIdConnectApplicationSettingsClient) SetFrontchannelLogoutUri(v stri
 	o.FrontchannelLogoutUri = &v
 }
 
-// GetGrantTypes returns the GrantTypes field value
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
 func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypes() []string {
-	if o == nil {
+	if o == nil || o.GrantTypes == nil {
 		var ret []string
 		return ret
 	}
-
 	return o.GrantTypes
 }
 
-// GetGrantTypesOk returns a tuple with the GrantTypes field value
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
 // and a boolean to check if the value has been set.
 func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypesOk() ([]string, bool) {
-	if o == nil {
+	if o == nil || o.GrantTypes == nil {
 		return nil, false
 	}
 	return o.GrantTypes, true
@@ -1074,7 +1071,9 @@ func (o OpenIdConnectApplicationSettingsClient) ToMap() (map[string]interface{},
 	if !IsNil(o.FrontchannelLogoutUri) {
 		toSerialize["frontchannel_logout_uri"] = o.FrontchannelLogoutUri
 	}
-	toSerialize["grant_types"] = o.GrantTypes
+	if o.GrantTypes != nil {
+		toSerialize["grant_types"] = o.GrantTypes
+	}
 	if !IsNil(o.IdTokenEncryptedResponseAlg) {
 		toSerialize["id_token_encrypted_response_alg"] = o.IdTokenEncryptedResponseAlg
 	}
@@ -1141,27 +1140,6 @@ func (o OpenIdConnectApplicationSettingsClient) ToMap() (map[string]interface{},
 }
 
 func (o *OpenIdConnectApplicationSettingsClient) UnmarshalJSON(data []byte) (err error) {
-	// This validates that all required properties are included in the JSON object
-	// by unmarshalling the object into a generic map with string keys and checking
-	// that every required field exists as a key in the generic map.
-	requiredProperties := []string{
-		"grant_types",
-	}
-
-	allProperties := make(map[string]interface{})
-
-	err = json.Unmarshal(data, &allProperties)
-
-	if err != nil {
-		return err
-	}
-
-	for _, requiredProperty := range requiredProperties {
-		if _, exists := allProperties[requiredProperty]; !exists {
-			return fmt.Errorf("no value given for required property %v", requiredProperty)
-		}
-	}
-
 	varOpenIdConnectApplicationSettingsClient := _OpenIdConnectApplicationSettingsClient{}
 
 	err = json.Unmarshal(data, &varOpenIdConnectApplicationSettingsClient)
