okta-sdk-java

OIDCApplicationBuilder SignOnMode throwing an error

Open aronAtWex opened this issue 9 months ago • 5 comments

Describe the bug?

I posted the issue here: https://devforum.okta.com/t/the-settings-signon-object-doesnt-match-the-type-indicated-by-signonmode-value-or-is-ill-defined/32805

Quickly: our company has code to create an Application using the SDK. We have just upgraded to 21. Using the existing code on the new SDK is throwing an error.

{"errorCode":"E0000001","errorSummary":"Api validation failed: mediated","errorLink":"E0000001","errorId":"oae7-tAznSQR4u9e85T8TV4bw","errorCauses":[{"errorSummary":"Invalid signOnMode"},{"errorSummary":"The settings.signOn object doesn't match the type indicated by signOnMode value or is ill defined"}]}

Looks like the Application class has a set SignOn Mode. Which is what I have tried.

https://okta.github.io/okta-sdk-java/20.0.0/apidocs/com/okta/sdk/resource/application/ApplicationBuilder.html#setSignOnMode(com.okta.sdk.resource.model.ApplicationSignOnMode)

But it looks like there is a setting Sign On mode. OpenIdConnectApplicationSettings

https://okta.github.io/okta-sdk-java/20.0.0/apidocs/com/okta/sdk/resource/model/OpenIdConnectApplicationSettings.html#setSignOn(com.okta.sdk.resource.model.AutoLoginApplicationSettingsSignOn)

I don't see a way to set this value.
I'm not sure if I'm using an old class, and there could be a new way to create OIDC Applications.

Any idea?

What is expected to happen?

I'm expecting old code to create the application. Also expecting if I do pass down.

setSignOnMode(ApplicationSignOnMode.OPENID_CONNECT)

That both the Application Sign On Mode and the Setting.signOnMode would be set. It is a required field.

What is the actual behavior?

It gives an error.

{"errorCode":"E0000001","errorSummary":"Api validation failed: mediated","errorLink":"E0000001","errorId":"oae7-tAznSQR4u9e85T8TV4bw","errorCauses":[{"errorSummary":"Invalid signOnMode"},{"errorSummary":"The settings.signOn object doesn't match the type indicated by signOnMode value or is ill defined"}]}

Reproduction Steps?

Try to create an Application with these values.

theApp = OIDCApplicationBuilder.instance()
    .addGrantTypes(OAuthGrantType.AUTHORIZATION_CODE)
    .setSignOnMode(ApplicationSignOnMode.OPENID_CONNECT)
    .setLabel(appName)
    .addResponseTypes(OAuthResponseType.CODE) // Have to have code, maybe Token Id?
    .setApplicationType(applicationType)
    .setTokenEndpointAuthMethod(
        (applicationType.equals(OpenIdConnectApplicationType.WEB))
            ? OAuthEndpointAuthenticationMethod.CLIENT_SECRET_BASIC
            : OAuthEndpointAuthenticationMethod.NONE)
    .setRedirectUris(signInRedirectUri)
    .setPostLogoutRedirectUris(signOutRedirectUri)
    .setIOS(true)
    .setWeb(true)
    .buildAndCreate(oktaApplicationApi);

Throws an error because the setting.SignOn is not set.

Additional Information?

No response

Java Version

Java 17

SDK Version

SDK 21

OS version

No response

aronAtWex avatar Apr 03 '25 16:04 aronAtWex

Hi @aronAtWex , thanks for reporting this. I will be taking a look at it and getting back.

prachi-okta avatar Apr 04 '25 06:04 prachi-okta

Thanks.

I was trying to follow the API documentation to try to get more clarity on what is expected here. https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication

I finally scrolled down far enough to see the signOn section at the same time I found it in the code.
https://developer.okta.com/docs/api/openapi/okta-management/management/tag/Application/#tag/Application/operation/createApplication
Seems like I need to set a loginURL for the signOn section to not be null.

For testing I have just been putting in a fake URL, http://example.com.

This time it's a little different error.

{"errorCode":"E0000001","errorSummary":"Api validation failed: mediated","errorLink":"E0000001","errorId":"oaeMDQfCJy3Snmys1QxrodfUA","errorCauses":[{"errorSummary":"Invalid signOnMode"}]}

NOTE: I did try passing in a redirectURL too, which isn't required, but still got the same error.

Could be our code is getting things mixed up between a web and browser Application. I'll look at that next.

aronAtWex avatar Apr 04 '25 15:04 aronAtWex

Try:

OIDCApplicationBuilder.instance().setName("oidc_client")…

We ran into the same issue after upgrading from 8.x to 22 and this resolved it.

garcger avatar Apr 05 '25 00:04 garcger

This did fix the issue I was having! Thank you very much. I didn't dig deep into why it fixed it. Does it just need a string or does it actually need that name?

aronAtWex avatar Apr 07 '25 16:04 aronAtWex

I believe it needs that exact name, but you can try changing it to confirm that it breaks with a different string.

garcger avatar Apr 07 '25 16:04 garcger