fix: make grant_types optional in OpenIdConnectApplicationSettingsClient

Rebased onto master after v6.1.0 openapi spec regeneration.

The Okta API does not require grant_types when creating an OIDC
application client — it defaults to [authorization_code]. The
generated Go SDK incorrectly marks grant_types as a required property,
which forces callers to supply an empty array just to satisfy the
constructor signature and triggers a JSON unmarshal error on responses
where grant_types isn't present.

This change:
- Removes the required: [grant_types] entry from the two source
  OpenAPI spec files (.generator/*.yaml and okta/api/openapi.yaml)
- Regenerates the affected Go model:
  - GrantTypes json tag gains omitempty
  - NewOpenIdConnectApplicationSettingsClient no longer takes a
    grantTypes parameter
  - GetGrantTypes/GetGrantTypesOk handle nil GrantTypes
  - UnmarshalJSON drops the requiredProperties check for grant_types
  - ToMap skips grant_types when nil

Author: alexander-vyh

.generator/okta-management-APIs-oasv3-noEnums-inheritance.yaml

@@ -44553,8 +44553,6 @@ components:
               For example, if `https://redirect-*-domain.example.com/oidc/redirect` is configured as a redirect URI, then `https://redirect-1-domain.example.com/oidc/redirect` and `https://redirect-sub-domain.example.com/oidc/redirect` match, but `https://redirect-1.sub-domain.example.com/oidc/redirect` doesn't match.
               Only the `https` URI scheme can use wildcard redirect URIs.
               > **Note:** The use of wildcard subdomains is discouraged as an insecure practice, since it may allow malicious actors to have tokens or authorization codes sent to unexpected or attacker-controlled pages. Exercise caution if you decide to include a wildcard redirect URI in your configuration.
-      required:
-        - grant_types
     OpenIdConnectApplicationSettingsClientKeys:
       description: A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5) for validating JWTs presented to Okta or for encrypting ID tokens minted by Okta for the client
       type: object

README.md

@@ -549,7 +549,7 @@ func main() {
   }
   client := okta.NewAPIClient(config)
 
-  settingClient := okta.NewOpenIdConnectApplicationSettingsClient([]string{"grantTypes"})
+  settingClient := okta.NewOpenIdConnectApplicationSettingsClient()
   settingClient.SetClientUri("https://example.com/client")
   settingClient.SetLogoUri("https://example.com/assets/images/logo-new.png")
   settingClient.SetResponseTypes([]string{"token", "id_token", "code"})

okta/api/openapi.yaml

@@ -70077,8 +70077,6 @@ components:
               For example, if `https://redirect-*-domain.example.com/oidc/redirect` is configured as a redirect URI, then `https://redirect-1-domain.example.com/oidc/redirect` and `https://redirect-sub-domain.example.com/oidc/redirect` match, but `https://redirect-1.sub-domain.example.com/oidc/redirect` doesn't match.
               Only the `https` URI scheme can use wildcard redirect URIs.
               > **Note:** The use of wildcard subdomains is discouraged as an insecure practice, since it may allow malicious actors to have tokens or authorization codes sent to unexpected or attacker-controlled pages. Exercise caution if you decide to include a wildcard redirect URI in your configuration.
-      required:
-      - grant_types
       type: object
     OpenIdConnectApplicationSettingsClientKeys:
       description: "A [JSON Web Key Set](https://tools.ietf.org/html/rfc7517#section-5)\

okta/docs/OpenIdConnectApplicationSettingsClient.md

@@ -13,7 +13,7 @@ Name | Type | Description | Notes
 **DpopBoundAccessTokens** | Pointer to **bool** | Indicates that the client application uses Demonstrating Proof-of-Possession (DPoP) for token requests. If `true`, the authorization server rejects token requests from this client that don't contain the DPoP header. > **Note:** If `dpop_bound_access_tokens` is true, then `client_credentials` and `implicit` aren't allowed in `grant_types`.  | [optional] [default to false]
 **FrontchannelLogoutSessionRequired** | Pointer to **bool** | <x-lifecycle-container><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></x-lifecycle-container>Determines whether Okta sends `sid` and `iss` in the logout request | [optional] 
 **FrontchannelLogoutUri** | Pointer to **string** | <x-lifecycle-container><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></x-lifecycle-container>URL where Okta sends the logout request | [optional] 
-**GrantTypes** | **[]string** |  | 
+**GrantTypes** | **[]string** |  | [optional] 
 **IdTokenEncryptedResponseAlg** | Pointer to **string** | JWE alg algorithm for encrypting the ID token issued to this client. If this is requested, the response is signed, and then encrypted with the result being a nested JWT. The default, if omitted, is that no encryption is performed. See the [Application Public Keys API](/openapi/okta-management/management/applicationssopublickeys/) for more information on encryption keys. See [Key management](https://developer.okta.com/docs/guides/key-management/main/) for more information on how encryption keys are used. | [optional] 
 **IdpInitiatedLogin** | Pointer to [**OpenIdConnectApplicationIdpInitiatedLogin**](OpenIdConnectApplicationIdpInitiatedLogin.md) |  | [optional] 
 **InitiateLoginUri** | Pointer to **string** | URL string that a third party can use to initiate the sign-in flow by the client | [optional] 
@@ -38,7 +38,7 @@ Name | Type | Description | Notes
 
 ### NewOpenIdConnectApplicationSettingsClient
 
-`func NewOpenIdConnectApplicationSettingsClient(grantTypes []string, ) *OpenIdConnectApplicationSettingsClient`
+`func NewOpenIdConnectApplicationSettingsClient() *OpenIdConnectApplicationSettingsClient`
 
 NewOpenIdConnectApplicationSettingsClient instantiates a new OpenIdConnectApplicationSettingsClient object
 This constructor will assign default values to properties that have it defined,

okta/model_open_id_connect_application_settings_client.go

@@ -25,7 +25,6 @@ package okta
 
 import (
 	"encoding/json"
-	"fmt"
 )
 
 // checks if the OpenIdConnectApplicationSettingsClient type satisfies the MappedNullable interface at compile time
@@ -51,7 +50,7 @@ type OpenIdConnectApplicationSettingsClient struct {
 	FrontchannelLogoutSessionRequired *bool `json:"frontchannel_logout_session_required,omitempty"`
 	// <x-lifecycle-container><x-lifecycle class=\"ea\"></x-lifecycle> <x-lifecycle class=\"oie\"></x-lifecycle></x-lifecycle-container>URL where Okta sends the logout request
 	FrontchannelLogoutUri *string  `json:"frontchannel_logout_uri,omitempty"`
-	GrantTypes            []string `json:"grant_types"`
+	GrantTypes            []string `json:"grant_types,omitempty"`
 	// JWE alg algorithm for encrypting the ID token issued to this client. If this is requested, the response is signed, and then encrypted with the result being a nested JWT. The default, if omitted, is that no encryption is performed. See the [Application Public Keys API](/openapi/okta-management/management/applicationssopublickeys/) for more information on encryption keys. See [Key management](https://developer.okta.com/docs/guides/key-management/main/) for more information on how encryption keys are used.
 	IdTokenEncryptedResponseAlg *string                                    `json:"id_token_encrypted_response_alg,omitempty"`
 	IdpInitiatedLogin           *OpenIdConnectApplicationIdpInitiatedLogin `json:"idp_initiated_login,omitempty"`
@@ -95,13 +94,12 @@ type _OpenIdConnectApplicationSettingsClient OpenIdConnectApplicationSettingsCli
 // This constructor will assign default values to properties that have it defined,
 // and makes sure properties required by API are set, but the set of arguments
 // will change when the set of required properties is changed
-func NewOpenIdConnectApplicationSettingsClient(grantTypes []string) *OpenIdConnectApplicationSettingsClient {
+func NewOpenIdConnectApplicationSettingsClient() *OpenIdConnectApplicationSettingsClient {
 	this := OpenIdConnectApplicationSettingsClient{}
 	var consentMethod string = "TRUSTED"
 	this.ConsentMethod = &consentMethod
 	var dpopBoundAccessTokens bool = false
 	this.DpopBoundAccessTokens = &dpopBoundAccessTokens
-	this.GrantTypes = grantTypes
 	return &this
 }
 
@@ -405,20 +403,19 @@ func (o *OpenIdConnectApplicationSettingsClient) SetFrontchannelLogoutUri(v stri
 	o.FrontchannelLogoutUri = &v
 }
 
-// GetGrantTypes returns the GrantTypes field value
+// GetGrantTypes returns the GrantTypes field value if set, zero value otherwise.
 func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypes() []string {
-	if o == nil {
+	if o == nil || o.GrantTypes == nil {
 		var ret []string
 		return ret
 	}
-
 	return o.GrantTypes
 }
 
-// GetGrantTypesOk returns a tuple with the GrantTypes field value
+// GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise
 // and a boolean to check if the value has been set.
 func (o *OpenIdConnectApplicationSettingsClient) GetGrantTypesOk() ([]string, bool) {
-	if o == nil {
+	if o == nil || o.GrantTypes == nil {
 		return nil, false
 	}
 	return o.GrantTypes, true
@@ -1074,7 +1071,9 @@ func (o OpenIdConnectApplicationSettingsClient) ToMap() (map[string]interface{},
 	if !IsNil(o.FrontchannelLogoutUri) {
 		toSerialize["frontchannel_logout_uri"] = o.FrontchannelLogoutUri
 	}
-	toSerialize["grant_types"] = o.GrantTypes
+	if o.GrantTypes != nil {
+		toSerialize["grant_types"] = o.GrantTypes
+	}
 	if !IsNil(o.IdTokenEncryptedResponseAlg) {
 		toSerialize["id_token_encrypted_response_alg"] = o.IdTokenEncryptedResponseAlg
 	}
@@ -1141,27 +1140,6 @@ func (o OpenIdConnectApplicationSettingsClient) ToMap() (map[string]interface{},
 }
 
 func (o *OpenIdConnectApplicationSettingsClient) UnmarshalJSON(data []byte) (err error) {
-	// This validates that all required properties are included in the JSON object
-	// by unmarshalling the object into a generic map with string keys and checking
-	// that every required field exists as a key in the generic map.
-	requiredProperties := []string{
-		"grant_types",
-	}
-
-	allProperties := make(map[string]interface{})
-
-	err = json.Unmarshal(data, &allProperties)
-
-	if err != nil {
-		return err
-	}
-
-	for _, requiredProperty := range requiredProperties {
-		if _, exists := allProperties[requiredProperty]; !exists {
-			return fmt.Errorf("no value given for required property %v", requiredProperty)
-		}
-	}
-
 	varOpenIdConnectApplicationSettingsClient := _OpenIdConnectApplicationSettingsClient{}
 
 	err = json.Unmarshal(data, &varOpenIdConnectApplicationSettingsClient)