Skip to content

BUG - OpenAPI Handler fails with discriminator + oneOf for form-urlencoded requests #9106

New issue
New issue
Open
#9107
Open
BUG - OpenAPI Handler fails with discriminator + oneOf for form-urlencoded requests#9106
#9107
@LeftoversTodayAppAdmin

Description

@LeftoversTodayAppAdmin
LeftoversTodayAppAdmin
opened on Dec 30, 2025

Environment

  • Package: @omnigraph/openapi
  • GraphQL Mesh Version: latest
  • Node Version: 20.16.0

Description

The OpenAPI handler fails to properly handle POST requests with application/x-www-form-urlencoded content type when the request body schema uses discriminator with oneOf structure. The API returns "missing required parameters" error even when all parameters are provided.

Steps to Reproduce

  1. Use an OpenAPI spec with the following characteristics:

    • POST endpoint with application/x-www-form-urlencoded request body
    • Request body schema uses oneOf with discriminator
    • Example: USPS OAuth2 token endpoint

  2. Configure GraphQL Mesh with the spec:

{
  sourceHandler: loadOpenAPISubgraph('USPS_Token', {
    source: './openapi-spec.yaml',
    operationHeaders: {
      'Content-Type': 'application/x-www-form-urlencoded',
    }
  })
}
  1. Call the generated mutation with required parameters

Example OpenAPI Spec Structure

paths:
  /token:
    post:
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              discriminator:
                propertyName: grant_type
                mapping:
                  client_credentials: '#/components/schemas/ClientCredentials'
              oneOf:
                - $ref: '#/components/schemas/ClientCredentials'

Full spec available: oauth2_3_update.yaml

Expected Behavior

The handler should:

  1. Properly serialize form-urlencoded data even with discriminator/oneOf schemas
  2. Include all required parameters in the request body
  3. Successfully call the API endpoint

Actual Behavior

The API returns: "The request is missing one or more required parameters or is otherwise malformed"

This suggests the parameters are not being properly serialized or sent in the request body.

Workaround

Create a simplified OpenAPI spec without discriminator and oneOf:

paths:
  /token:
    post:
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              required:
                - grant_type
                - client_id
                - client_secret
              properties:
                grant_type:
                  type: string
                  enum: [client_credentials]
                client_id:
                  type: string
                client_secret:
                  type: string
                scope:
                  type: string

With this simplified spec, the same mutation works correctly.

Additional Context

  • The same OpenAPI spec works correctly with WunderGraph
  • Issue specifically occurs with form-urlencoded content type + discriminator pattern
  • This is a common pattern in OAuth 2.0 token endpoints

Possible Root Cause

The OpenAPI handler may not be correctly handling the discriminator + oneOf pattern when serializing to application/x-www-form-urlencoded format, possibly:

  1. Not flattening the discriminated union properties
  2. Not correctly mapping the discriminator value
  3. Sending JSON structure instead of form-encoded key-value pairs

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions