Geting list for onelogin_roles ends with 400 - cursor gets wrong value

[gkruszecki]

It is the similar problem that reported in #196
But it looks like onelogin api has changed.
According to docs for API v2 https://developers.onelogin.com/api-docs/2/getting-started/using-query-parameters
cursor parameter should be set to the value extracted from Before-Cursor or After-Cursor headers to return the previous or next page.
Right now it is set to last id

terraform-provider-onelogin/onelogin/resource_onelogin_roles.go

Line 190 in f09ccb7

// Use the last role's ID as the cursor for the next page

ex.
First request with limit

$ curl -I 'https://***.onelogin.com/api/2/roles?limit=100' -X GET -H "Authorization: bearer ***"
HTTP/2 200
...
after-cursor: bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0yJnNvcnRfZGlyZWN0aW9uPWFzYw==
...
cursor: bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0xJnNvcnRfZGlyZWN0aW9uPWFzYw==
....
page-items: 100
referrer-policy: strict-origin-when-cross-origin
total-count: 201
total-pages: 3
....

It returns after-cursor header that should be used in a following requests but lastID is used:

$ curl 'https://***.onelogin.com/api/2/roles?cursor=765415' -X GET -H "Authorization: bearer ***"
{"status":400,"error":"BadRequestError","description":"Invalid pagination cursor"}

When request with cursor is set to after-cursor header :

$ curl -I 'https://***.onelogin.com/api/2/roles?cursor=bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0yJnNvcnRfZGlyZWN0aW9uPWFzYw==' -X GET -H "Authorization: bearer ***"
HTTP/2 200
date: Tue, 27 Jan 2026 14:12:54 GMT
content-type: application/json; charset=utf-8
content-length: 47709
after-cursor: bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0zJnNvcnRfZGlyZWN0aW9uPWFzYw==
before-cursor: bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0xJnNvcnRfZGlyZWN0aW9uPWFzYw==
cache-control: max-age=0, private, must-revalidate
current-page: 2
cursor: bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0yJnNvcnRfZGlyZWN0aW9uPWFzYw==
etag: W/"53eca273ca5252f3cd50cbdba2bbf3c9"
link: https://***.onelogin.com/api/2/roles?cursor=bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0xJnNvcnRfZGlyZWN0aW9uPWFzYw==; rel="first",https://***.onelogin.com/api/2/roles?cursor=bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0xJnNvcnRfZGlyZWN0aW9uPWFzYw==; rel="prev",https://***.onelogin.com/api/2/roles?cursor=bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0zJnNvcnRfZGlyZWN0aW9uPWFzYw==; rel="next",https://***.onelogin.com/api/2/roles?cursor=bGltaXQ9MTAwJnNvcnQ9aWQmcGFnZT0zJnNvcnRfZGlyZWN0aW9uPWFzYw==; rel="last"
page-items: 100
referrer-policy: strict-origin-when-cross-origin
total-count: 201
total-pages: 3
vary: Accept
....