OIDCApplicationBuilder SignOnMode throwing an error

[aronAtWex]

Describe the bug?

I posted the issuer here.
https://devforum.okta.com/t/the-settings-signon-object-doesnt-match-the-type-indicated-by-signonmode-value-or-is-ill-defined/32805

Quickly
Our company has code to create an Application used the SDK. Have just upgraded to 21.
Using the existing code on the new SDK is throwing an error.

{“errorCode”:“E0000001”,“errorSummary”:“Api validation failed: mediated”,“errorLink”:“E0000001”,“errorId”:“oae7-tAznSQR4u9e85T8TV4bw”,“errorCauses”:[{“errorSummary”:“Invalid signOnMode”},{“errorSummary”:“The settings.signOn object doesn’t match the type indicated by signOnMode value or is ill defined”}]}

Looks like the Application class has a set SignOn Mode. Which is what I have tried.

https://okta.github.io/okta-sdk-java/20.0.0/apidocs/com/okta/sdk/resource/application/ApplicationBuilder.html#setSignOnMode(com.okta.sdk.resource.model.ApplicationSignOnMode)

But it looks like there is a setting Sign On mode.
OpenIdConnectApplicationSettings

https://okta.github.io/okta-sdk-java/20.0.0/apidocs/com/okta/sdk/resource/model/OpenIdConnectApplicationSettings.html#setSignOn(com.okta.sdk.resource.model.AutoLoginApplicationSettingsSignOn)

I don't see a way to set this value.
I'm not sure if I'm using an old class, and there could be a new way to create OIDC Applications.

Any idea?

What is expected to happen?

I'm expecting old code to create the application.
Also expecting if I do pass down.

setSignOnMode(ApplicationSignOnMode.OPENID_CONNECT)

That both the Application Sign On Mode and the Setting.signOnMode would be set. It is a required field.

What is the actual behavior?

It gives an error.

{“errorCode”:“E0000001”,“errorSummary”:“Api validation failed: mediated”,“errorLink”:“E0000001”,“errorId”:“oae7-tAznSQR4u9e85T8TV4bw”,“errorCauses”:[{“errorSummary”:“Invalid signOnMode”},{“errorSummary”:“The settings.signOn object doesn’t match the type indicated by signOnMode value or is ill defined”}]}

Reproduction Steps?

Try to create an Application with these values.

theApp = OIDCApplicationBuilder.instance() .addGrantTypes(OAuthGrantType.AUTHORIZATION_CODE) .setSignOnMode(ApplicationSignOnMode.OPENID_CONNECT) .setLabel(appName) .addResponseTypes(OAuthResponseType.CODE) // Have to have code, maybe Token Id? .setApplicationType(applicationType) .setTokenEndpointAuthMethod( (applicationType.equals(OpenIdConnectApplicationType.WEB)) ? OAuthEndpointAuthenticationMethod.CLIENT_SECRET_BASIC : OAuthEndpointAuthenticationMethod.NONE) .setRedirectUris(signInRedirectUri) .setPostLogoutRedirectUris(signOutRedirectUri) .setIOS(true) .setWeb(true) .buildAndCreate(oktaApplicationApi);
Throws an error because the setting.SignOn is not set.

Additional Information?

No response

Java Version

Java 17

SDK Version

SDK 21

OS version

No response

[prachi-okta]

Hi @aronAtWex , thanks for reporting this. I will be taking a look at it and getting back.

[aronAtWex]

Thanks.

I was trying to follow the API documentation to try to get more clarity on what is expected here.
https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication

I finally scrolled down far enough to see the signOn section at the same time I found it in the code.
https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication
Seems like I need to set a loginURL for the signOn section to not be null.

For testing I have just put putting in fake url http://example.com.

This time its a little different error.

{"errorCode":"E0000001","errorSummary":"Api validation failed: mediated","errorLink":"E0000001","errorId":"oaeMDQfCJy3Snmys1QxrodfUA","errorCauses":[{"errorSummary":"Invalid signOnMode"}]}

NOTE: I did try passing in a redirectURL too, which isn't required, but still got the same error.

Could be our code is getting things mixed up between a web and browser Application. I'll look at that next.

[garcger]

Try:

OIDCApplicationBuilder.instance().setName(“oidc_client”)…

We ran into the same issue after upgrading from 8.x to 22 and this resolved it.

[aronAtWex]

This did fix the issue I was having! Thank you very much.
I didn't dig deep into why it fixed it. Does it just need a string or does it actually need that name.

[garcger]

I believe it needs that exact name, but you can try changing it to confirm that it breaks with a different string.

…

On Mon, Apr 7, 2025 at 9:38 AM Aron Christensen ***@***.***> wrote: This did fix the issue I was having! Thank you very much. I didn't dig deep into why it fixed it. Does it just need a string or does it actually need that name. — Reply to this email directly, view it on GitHub <#1619 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/APSKOP4LJPVLRFSLTPEP3XT2YKSZ7AVCNFSM6AAAAAB2MUOA5KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOOBTHE3DCMRYGI> . You are receiving this because you commented.Message ID: ***@***.***> [image: aronAtWex]*aronAtWex* left a comment (okta/okta-sdk-java#1619) <#1619 (comment)> This did fix the issue I was having! Thank you very much. I didn't dig deep into why it fixed it. Does it just need a string or does it actually need that name. — Reply to this email directly, view it on GitHub <#1619 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/APSKOP4LJPVLRFSLTPEP3XT2YKSZ7AVCNFSM6AAAAAB2MUOA5KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOOBTHE3DCMRYGI> . You are receiving this because you commented.Message ID: ***@***.***>