OpenAPI definition contains multiple, invalid path definitions for /users/{userid}/lifecycle/expire_password endpoint #610

Open
1 of 2 tasks
clevelm opened this issue Aug 16, 2021 · 4 comments

Comments

@clevelm

clevelm commented Aug 16, 2021

ℹ️ If you have a question, please post it on the Okta Developer Forum instead. Issues in this repository are reserved for bug reports and feature requests only.

I'm submitting a

  • bug report
  • feature request

Background info

The OpenAPI definition (okta-sdk-java/src/swagger/api.yaml) contains two path definitions for the /users/{userid}/lifecycle/expire_password endpoint. Both definitions are invalid, because they both use the same path and attempt to differentiate themselves from each other using a query parameter. The paths are:

/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false
/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true

Query parameters are not part of a URI path (they are a separate part of the URI) and should not be included in a path in an Open API 2.0 API definition. Only valid path elements may appear in the path. (Per RFC-3986: "The path is terminated by the first question mark ("?") or number sign ("#") character, or by the end of the URI," so the "?tempPassword={value}" in the paths above should not be present. If the query string is ignored [as it should be, not being a part of the path], the paths are identical, thus creating an invalid definition file with duplicate paths.)

When this API definition is imported into systems (such as API gateways) which use OpenAPI definitions, they may fail to recognize the paths specified, or may fail to match the path at runtime. This is not an error on their part, as the paths included in the definition are malformed and invalid. The error is in the API definition provided here.

Describe your issue or request here (if necessary).

The API definition file needs to be corrected to contain only a single definition for the /expire_password endpoint. The content of the two existing path definitions needs to be merged (the two are slightly different).

Expected behavior

What should have happened?

What went wrong?

Please provide log or error messages if applicable.

Steps to reproduce

If the current behavior is a bug, please provide the steps to reproduce and a minimal demo if possible.

SDK Version

Identified in API version 2.2.4.
Verified (via GitHub) as still being present on master branch for version 2.4.0.
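
A pre-import check for the defect reported above, as an added example that is not part of the original issue or of the Okta project's code: it splits each `paths` key where RFC 3986 ends the path, flags keys carrying a query string or fragment, and reports keys that collapse onto the same path. The function names `split_path_key` and `lint_paths` and the sample mapping are assumptions made for illustration; the operation bodies are empty placeholders.

```python
from collections import defaultdict
from urllib.parse import parse_qsl

# Constructed sample: the two path keys quoted in the issue plus one
# well-formed key for contrast. Operation bodies are placeholders.
SAMPLE_PATHS = {
    "/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=false": {"post": {}},
    "/api/v1/users/{userId}/lifecycle/expire_password?tempPassword=true": {"post": {}},
    "/api/v1/users/{userId}/lifecycle/activate": {"post": {}},
}


def split_path_key(key):
    """Split at the first '?' or '#', where RFC 3986 says the path ends."""
    cut = min((i for i in (key.find("?"), key.find("#")) if i != -1),
              default=len(key))
    return key[:cut], key[cut:]


def lint_paths(paths):
    """Report malformed path keys and keys that share one real path."""
    invalid = []
    keys_by_path = defaultdict(list)
    params_by_path = defaultdict(set)
    for key in paths:
        path, extra = split_path_key(key)
        keys_by_path[path].append(key)
        if extra:
            invalid.append(key)
            # Names found here belong in the operation's `parameters`
            # list with `in: query`, not in the path key.
            query = extra[1:].split("#", 1)[0] if extra.startswith("?") else ""
            for name, _ in parse_qsl(query, keep_blank_values=True):
                params_by_path[path].add(name)
    return {
        "invalid": sorted(invalid),
        "collisions": {p: sorted(k) for p, k in keys_by_path.items() if len(k) > 1},
        "query_params": {p: sorted(n) for p, n in params_by_path.items()},
    }


if __name__ == "__main__":
    for section, found in lint_paths(SAMPLE_PATHS).items():
        print(section, found)
```

Running such a check before loading a definition into a gateway surfaces the duplicate route at review time rather than as an unmatched path at runtime.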

@arvindkrishnakumar-okta
Contributor

arvindkrishnakumar-okta commented Aug 16, 2021

@clevelm Thanks for reporting this! You're right in pointing out that query params cannot be used in URI path in Open API spec 2.0. We are aware of this issue and are working on a comprehensive spec upgrade that would fix this issue. Stay tuned!

@arvindkrishnakumar-okta
Contributor

Internal Ref: OKTA-418596

@arvindkrishnakumar-okta
Contributor

Closing this in favor of https://github.com/okta/openapi/issues/265.

This will be fixed in the Open API spec release v3.

@clevelm
Author

clevelm commented Jan 19, 2022 via email
