fix: handle nullable discriminator fields in JWKS models (#514)

BinoyOza-okta · web-flow · commit 07d41ae67bc3 · 2026-03-20T02:19:48.000+05:30
* fix: handle nullable discriminator fields in JWKS models

Fixes deserialization failures when Okta API returns null values for
discriminator fields in JWKS (JSON Web Key) responses.

Changes:
- Updated OpenAPI spec to mark JWKS fields as nullable (created, lastUpdated, kty, alg, use, e, n)
- Updated documentation to reflect nullable fields

All changes are template-based to survive SDK regeneration.

Resolves customer-reported issues where list_applications() failed with
"ValueError: Failed to lookup data type from the field `use`" when JWKS
keys contained null values.

* fix: add missing JWKS subclass fields to serialization

- Added e, n fields to OAuth2ClientJsonWebKeyRsaResponse __properties and from_dict()
- Added x, y, crv fields to OAuth2ClientJsonWebKeyECResponse __properties and from_dict()
- Marked crv as optional (nullable) per API specification (x, y remain required)
- Added null preservation for e, n, crv in to_dict() methods

This ensures RSA and EC JWKS keys properly serialize/deserialize all subclass-specific fields.

* - Reverted the change of making kty as optional.
diff --git a/docs/OAuth2ClientJsonSigningKeyResponse.md b/docs/OAuth2ClientJsonSigningKeyResponse.md
@@ -7,14 +7,14 @@ A [JSON Web Key (JWK)](https://tools.ietf.org/html/rfc7517) is a JSON representa
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **id** | **str** | The unique ID of the OAuth Client JSON Web Key | [readonly] 
-**created** | **str** | Timestamp when the OAuth 2.0 client JSON Web Key was created | [readonly] 
-**last_updated** | **str** | Timestamp when the OAuth 2.0 client JSON Web Key was updated | [readonly] 
+**created** | **str** | Timestamp when the OAuth 2.0 client JSON Web Key was created | [optional] [readonly] 
+**last_updated** | **str** | Timestamp when the OAuth 2.0 client JSON Web Key was updated | [optional] [readonly] 
 **links** | [**OAuthClientSecretLinks**](OAuthClientSecretLinks.md) |  | [optional] 
 **kid** | **str** | Unique identifier of the JSON Web Key in the OAuth 2.0 client&#39;s JWKS | [optional] 
 **status** | **str** | Status of the OAuth 2.0 client JSON Web Key | [optional] 
 **kty** | **str** | Cryptographic algorithm family for the certificate&#39;s key pair | 
-**alg** | **str** | Algorithm used in the key | 
-**use** | **str** | Acceptable use of the JSON Web Key | 
+**alg** | **str** | Algorithm used in the key | [optional] 
+**use** | **str** | Acceptable use of the JSON Web Key | [optional] 
 
 ## Example
 
diff --git a/docs/OAuth2ClientJsonWebKeyECResponse.md b/docs/OAuth2ClientJsonWebKeyECResponse.md
@@ -8,7 +8,7 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **x** | **str** | The public x coordinate for the elliptic curve point | 
 **y** | **str** | The public y coordinate for the elliptic curve point | 
-**crv** | **str** | The cryptographic curve used with the key | 
+**crv** | **str** | The cryptographic curve used with the key | [optional] 
 
 ## Example
 
diff --git a/docs/OAuth2ClientJsonWebKeyRsaResponse.md b/docs/OAuth2ClientJsonWebKeyRsaResponse.md
@@ -6,8 +6,8 @@ An RSA signing key
 
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
-**e** | **str** | RSA key value (exponent) for key binding | 
-**n** | **str** | RSA key value (modulus) for key binding | 
+**e** | **str** | RSA key value (exponent) for key binding | [optional] 
+**n** | **str** | RSA key value (modulus) for key binding | [optional] 
 
 ## Example
 
diff --git a/okta/models/o_auth2_client_json_signing_key_response.py b/okta/models/o_auth2_client_json_signing_key_response.py
@@ -51,10 +51,12 @@ class OAuth2ClientJsonSigningKeyResponse(BaseModel):
     """  # noqa: E501
 
     id: StrictStr = Field(description="The unique ID of the OAuth Client JSON Web Key")
-    created: StrictStr = Field(
-        description="Timestamp when the OAuth 2.0 client JSON Web Key was created"
+    created: Optional[StrictStr] = Field(
+        default=None,
+        description="Timestamp when the OAuth 2.0 client JSON Web Key was created",
     )
-    last_updated: StrictStr = Field(
+    last_updated: Optional[StrictStr] = Field(
+        default=None,
         description="Timestamp when the OAuth 2.0 client JSON Web Key was updated",
         alias="lastUpdated",
     )
@@ -69,8 +71,12 @@ class OAuth2ClientJsonSigningKeyResponse(BaseModel):
     kty: StrictStr = Field(
         description="Cryptographic algorithm family for the certificate's key pair"
     )
-    alg: StrictStr = Field(description="Algorithm used in the key")
-    use: StrictStr = Field(description="Acceptable use of the JSON Web Key")
+    alg: Optional[StrictStr] = Field(
+        default=None, description="Algorithm used in the key"
+    )
+    use: Optional[StrictStr] = Field(
+        default=None, description="Acceptable use of the JSON Web Key"
+    )
     __properties: ClassVar[List[str]] = [
         "id",
         "created",
@@ -103,6 +109,9 @@ def kty_validate_enum(cls, value):
     @field_validator("use")
     def use_validate_enum(cls, value):
         """Validates the enum"""
+        if value is None:
+            return value
+
         if value not in set(["sig"]):
             raise ValueError("must be one of enum values ('sig')")
         return value
@@ -182,11 +191,31 @@ def to_dict(self) -> Dict[str, Any]:
             else:
                 _dict["_links"] = self.links
 
+        # set to None if created (nullable) is None
+        # and model_fields_set contains the field
+        if self.created is None and "created" in self.model_fields_set:
+            _dict["created"] = None
+
+        # set to None if last_updated (nullable) is None
+        # and model_fields_set contains the field
+        if self.last_updated is None and "last_updated" in self.model_fields_set:
+            _dict["lastUpdated"] = None
+
         # set to None if kid (nullable) is None
         # and model_fields_set contains the field
         if self.kid is None and "kid" in self.model_fields_set:
             _dict["kid"] = None
 
+        # set to None if alg (nullable) is None
+        # and model_fields_set contains the field
+        if self.alg is None and "alg" in self.model_fields_set:
+            _dict["alg"] = None
+
+        # set to None if use (nullable) is None
+        # and model_fields_set contains the field
+        if self.use is None and "use" in self.model_fields_set:
+            _dict["use"] = None
+
         return _dict
 
     @classmethod
diff --git a/okta/models/o_auth2_client_json_web_key_ec_response.py b/okta/models/o_auth2_client_json_web_key_ec_response.py
@@ -48,7 +48,9 @@ class OAuth2ClientJsonWebKeyECResponse(OAuth2ClientJsonSigningKeyResponse):
     y: StrictStr = Field(
         description="The public y coordinate for the elliptic curve point"
     )
-    crv: StrictStr = Field(description="The cryptographic curve used with the key")
+    crv: Optional[StrictStr] = Field(
+        default=None, description="The cryptographic curve used with the key"
+    )
     __properties: ClassVar[List[str]] = [
         "id",
         "created",
@@ -59,11 +61,17 @@ class OAuth2ClientJsonWebKeyECResponse(OAuth2ClientJsonSigningKeyResponse):
         "kty",
         "alg",
         "use",
+        "x",
+        "y",
+        "crv",
     ]
 
     @field_validator("crv")
     def crv_validate_enum(cls, value):
         """Validates the enum"""
+        if value is None:
+            return value
+
         if value not in set(["P-256", "P-384", "P-521"]):
             raise ValueError("must be one of enum values ('P-256', 'P-384', 'P-521')")
         return value
@@ -112,11 +120,36 @@ def to_dict(self) -> Dict[str, Any]:
             else:
                 _dict["_links"] = self.links
 
+        # set to None if created (nullable) is None
+        # and model_fields_set contains the field
+        if self.created is None and "created" in self.model_fields_set:
+            _dict["created"] = None
+
+        # set to None if last_updated (nullable) is None
+        # and model_fields_set contains the field
+        if self.last_updated is None and "last_updated" in self.model_fields_set:
+            _dict["lastUpdated"] = None
+
         # set to None if kid (nullable) is None
         # and model_fields_set contains the field
         if self.kid is None and "kid" in self.model_fields_set:
             _dict["kid"] = None
 
+        # set to None if alg (nullable) is None
+        # and model_fields_set contains the field
+        if self.alg is None and "alg" in self.model_fields_set:
+            _dict["alg"] = None
+
+        # set to None if use (nullable) is None
+        # and model_fields_set contains the field
+        if self.use is None and "use" in self.model_fields_set:
+            _dict["use"] = None
+
+        # set to None if crv (nullable) is None
+        # and model_fields_set contains the field
+        if self.crv is None and "crv" in self.model_fields_set:
+            _dict["crv"] = None
+
         return _dict
 
     @classmethod
@@ -143,6 +176,9 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
                 "kty": obj.get("kty"),
                 "alg": obj.get("alg"),
                 "use": obj.get("use"),
+                "x": obj.get("x"),
+                "y": obj.get("y"),
+                "crv": obj.get("crv"),
             }
         )
         return _obj
diff --git a/okta/models/o_auth2_client_json_web_key_rsa_response.py b/okta/models/o_auth2_client_json_web_key_rsa_response.py
@@ -42,8 +42,12 @@ class OAuth2ClientJsonWebKeyRsaResponse(OAuth2ClientJsonSigningKeyResponse):
     An RSA signing key
     """  # noqa: E501
 
-    e: StrictStr = Field(description="RSA key value (exponent) for key binding")
-    n: StrictStr = Field(description="RSA key value (modulus) for key binding")
+    e: Optional[StrictStr] = Field(
+        default=None, description="RSA key value (exponent) for key binding"
+    )
+    n: Optional[StrictStr] = Field(
+        default=None, description="RSA key value (modulus) for key binding"
+    )
     __properties: ClassVar[List[str]] = [
         "id",
         "created",
@@ -54,6 +58,8 @@ class OAuth2ClientJsonWebKeyRsaResponse(OAuth2ClientJsonSigningKeyResponse):
         "kty",
         "alg",
         "use",
+        "e",
+        "n",
     ]
 
     model_config = ConfigDict(
@@ -100,11 +106,41 @@ def to_dict(self) -> Dict[str, Any]:
             else:
                 _dict["_links"] = self.links
 
+        # set to None if created (nullable) is None
+        # and model_fields_set contains the field
+        if self.created is None and "created" in self.model_fields_set:
+            _dict["created"] = None
+
+        # set to None if last_updated (nullable) is None
+        # and model_fields_set contains the field
+        if self.last_updated is None and "last_updated" in self.model_fields_set:
+            _dict["lastUpdated"] = None
+
         # set to None if kid (nullable) is None
         # and model_fields_set contains the field
         if self.kid is None and "kid" in self.model_fields_set:
             _dict["kid"] = None
 
+        # set to None if alg (nullable) is None
+        # and model_fields_set contains the field
+        if self.alg is None and "alg" in self.model_fields_set:
+            _dict["alg"] = None
+
+        # set to None if use (nullable) is None
+        # and model_fields_set contains the field
+        if self.use is None and "use" in self.model_fields_set:
+            _dict["use"] = None
+
+        # set to None if e (nullable) is None
+        # and model_fields_set contains the field
+        if self.e is None and "e" in self.model_fields_set:
+            _dict["e"] = None
+
+        # set to None if n (nullable) is None
+        # and model_fields_set contains the field
+        if self.n is None and "n" in self.model_fields_set:
+            _dict["n"] = None
+
         return _dict
 
     @classmethod
@@ -131,6 +167,8 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
                 "kty": obj.get("kty"),
                 "alg": obj.get("alg"),
                 "use": obj.get("use"),
+                "e": obj.get("e"),
+                "n": obj.get("n"),
             }
         )
         return _obj
diff --git a/openapi/api.yaml b/openapi/api.yaml
@@ -70314,13 +70314,13 @@ components:
           description: Timestamp when the OAuth 2.0 client JSON Web Key was created
           example: '2023-02-21T20:08:24.000Z'
           readOnly: true
-          nullable: false
+          nullable: true
         lastUpdated:
           type: string
           description: Timestamp when the OAuth 2.0 client JSON Web Key was updated
           example: '2023-02-21T20:08:24.000Z'
           readOnly: true
-          nullable: false
+          nullable: true
         _links:
           $ref: '#/components/schemas/OAuthClientSecretLinks'
           readOnly: true
@@ -70340,20 +70340,19 @@ components:
           type: string
           description: Cryptographic algorithm family for the certificate's key pair
           example: RSA
-          nullable: false
           enum:
             - RSA
             - EC
         alg:
           type: string
           description: Algorithm used in the key
           example: RS256
-          nullable: false
+          nullable: true
         use:
           type: string
           description: Acceptable use of the JSON Web Key
           example: sig
-          nullable: false
+          nullable: true
           enum:
             - sig
       discriminator:
@@ -70363,11 +70362,7 @@ components:
           EC: '#/components/schemas/OAuth2ClientJsonWebKeyECResponse'
       required:
         - id
-        - created
-        - lastUpdated
         - kty
-        - alg
-        - use
     OAuth2ClientJsonWebKeyECRequest:
       title: EC Signing Key
       description: An EC signing key
@@ -70409,26 +70404,25 @@ components:
       allOf:
         - $ref: '#/components/schemas/OAuth2ClientJsonSigningKeyResponse'
         - type: object
-      properties:
-        x:
-          type: string
-          description: The public x coordinate for the elliptic curve point
-        y:
-          type: string
-          description: The public y coordinate for the elliptic curve point
-        crv:
-          type: string
-          description: The cryptographic curve used with the key
-          example: P-256
-          nullable: false
-          enum:
-            - P-256
-            - P-384
-            - P-521
-      required:
-         - x
-         - y
-         - crv
+          properties:
+            x:
+              type: string
+              description: The public x coordinate for the elliptic curve point
+            y:
+              type: string
+              description: The public y coordinate for the elliptic curve point
+            crv:
+              type: string
+              description: The cryptographic curve used with the key
+              example: P-256
+              nullable: true
+              enum:
+                - P-256
+                - P-384
+                - P-521
+          required:
+           - x
+           - y
     OAuth2ClientJsonWebKeyRequestBase:
       type: object
       properties:
@@ -70543,21 +70537,18 @@ components:
       description: An RSA signing key
       allOf:
         - $ref: '#/components/schemas/OAuth2ClientJsonSigningKeyResponse'
-      type: object
-      properties:
-        e:
-          type: string
-          description: RSA key value (exponent) for key binding
-          example: AQAB
-          nullable: false
-        n:
-          type: string
-          description: RSA key value (modulus) for key binding
-          example: mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ
-          nullable: false
-      required:
-        - e
-        - n
+        - type: object
+          properties:
+            e:
+              type: string
+              description: RSA key value (exponent) for key binding
+              example: AQAB
+              nullable: true
+            n:
+              type: string
+              description: RSA key value (modulus) for key binding
+              example: mkC6yAJVvFwUlmM9gKjb2d-YK5qHFt-mXSsbjWKKs4EfNm-BoQeeovBZtSACyaqLc8IYFTPEURFcbDQ9DkAL04uUIRD2gaHYY7uK0jsluEaXGq2RAIsmzAwNTzkiDw4q9pDL_q7n0f_SDt1TsMaMQayB6bU5jWsmqcWJ8MCRJ1aJMjZ16un5UVx51IIeCbe4QRDxEXGAvYNczsBoZxspDt28esSpq5W0dBFxcyGVudyl54Er3FzAguhgfMVjH-bUec9j2Tl40qDTktrYgYfxz9pfjm01Hl4WYP1YQxeETpSL7cQ5Ihz4jGDtHUEOcZ4GfJrPzrGpUrak8Qp5xcwCqQ
+              nullable: true
     OAuth2ClientSecret:
       type: object
       properties:
