UserApi.getUser throws ClassCastException under specific order of operation

[khloke]

Describe the bug?

Calling UserApi.getUser(), updateUser() then getUser() on the same ID in that order would throw the following:

java.lang.ClassCastException: class com.okta.sdk.resource.model.User cannot be cast to class com.okta.sdk.resource.model.UserGetSingleton (com.okta.sdk.resource.model.User and com.okta.sdk.resource.model.UserGetSingleton are in unnamed module of loader 'app')

What is expected to happen?

A UserGetSingleton object of the given id would be returned with no exceptions.

What is the actual behavior?

ClassCastException was thrown instead.

Reproduction Steps?

This can be reproduced with the following code:

        String orgUrl = "https://example.okta.com";
        String clientId = "your-client-id";
        String authMode = "SSWS";
        String oktaApiToken = "your-okta-api-token";
        String scopes = "okta.users.read,okta.users.manage";
        String userIdForTesting = "00u9cc7qgvRPapIQG0x7"; //Any valid user ID will work

        ApiClient apiClient = Clients.builder()
                                     .setOrgUrl(orgUrl)
                                     .setAuthorizationMode(AuthorizationMode.valueOf(authMode))
                                     .setClientId(clientId)
                                     .setClientCredentials(new TokenClientCredentials(oktaApiToken))
                                     .setScopes(Set.of(scopes.split(",")))
                                     .build();
        UserApi userApi = new UserApi(apiClient);

        userApi.getUser(userIdForTesting, null, null);
        User updatedUser = userApi.updateUser(userIdForTesting, new UpdateUserRequest(), false);
        UserGetSingleton user = userApi.getUser(userIdForTesting, null, null);

Additional Information?

This is caused by the cache in ApiClient storing a User.class object in the cache (code) during a updateUser() operation, and when getUser() is called for the same user, the cacheKey matches but expects a UserGetSingleton.class object instead and attempts to cast it as such (code). A ClassCastException is thrown because of this.

Java Version

openjdk 21.0.6 2025-01-21
OpenJDK Runtime Environment Homebrew (build 21.0.6)
OpenJDK 64-Bit Server VM Homebrew (build 21.0.6, mixed mode, sharing)

SDK Version

First seen in 20.0.1.
Tested and still happening in 21.0.0.

OS version

Darwin HongL 24.3.0 Darwin Kernel Version 24.3.0: Thu Jan  2 20:24:24 PST 2025; root:xnu-11215.81.4~3/RELEASE_ARM64_T6030 arm64

[prachi-okta]

HI @khloke, thanks for reporting this. I will be taking a look at it and getting back.

[jimjonah]

I'm also see this issue.

Is there a workaround for this?

[khloke]

I'm also see this issue.

Is there a workaround for this?

The way it is written I couldn't find a workaround. I reverted back to v13 of the SDK.

[jimjonah]

I ended up using this. Previous versions of the SDK broke other things for us.

final var userList = oktaUserApi.listUsers(
null, // contentType
null, // q (search query)
null, // after (pagination)
null, // limit
"id eq "" + oktaUserId + """, // filter
null, // search
null, // sortBy
null // sortOrder
);

// Get the first (and should be only) user from the list
return userList.isEmpty() ? null : userList.get(0);

[shaunlefeuvre]

@prachi-okta Where is the fix? This was reported months ago. It is still a problem today in latest SDK version.