Remove minLength validation for the secondEmail attribute from the OpenAPI spec.#520
Merged
BinoyOza-okta merged 1 commit intomasterfrom Apr 6, 2026
Merged
Remove minLength validation for the secondEmail attribute from the OpenAPI spec.#520BinoyOza-okta merged 1 commit intomasterfrom
BinoyOza-okta merged 1 commit intomasterfrom
Conversation
…w empty strings
The Okta API returns empty strings ("") for users without a secondary email,
but the secondEmail field had a minLength: 5 constraint that caused Pydantic
validation to fail during deserialization of valid API responses.
Changes:
- openapi/api.yaml: Remove minLength: 5 from UserProfile.secondEmail
- okta/models/user_profile.py: Remove min_length=5 from second_email field
The upstream OpenAPI spec fix was approved and merged.
This aligns the SDK with the corrected spec.
Testing:
Verified on live org by fetching a user with secondEmail set to "" (empty string).
The user deserializes successfully without validation errors.
Fixes: OKTA-1146937
Refs: #477, #481
|
👋 Interested in getting this fix merged/released, as this is a blocker for the integration of Okta SDK v3. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix: Remove
minLength: 5fromUserProfile.secondEmailto Allow Empty StringsSummary
Removes the
minLength: 5constraint fromUserProfile.secondEmailso the SDK can correctly deserialize users whose secondary email is an empty string (""), as returned by the Okta API.Ticket: OKTA-1146937
Problem
The Okta API returns
""(empty string) forsecondEmailwhen a user has no secondary email configured. The SDK's OpenAPI spec included aminLength: 5constraint on this field, causing Pydantic validation to reject valid API responses:This broke any SDK operation that deserializes a user profile (e.g.,
list_users,get_user,create_user) whenever a user had an emptysecondEmail.Root Cause
The OpenAPI spec defined
secondEmailwith an overly restrictive constraint:The upstream spec has already been corrected. This PR aligns the SDK with that fix.
Solution
Files Changed
openapi/api.yaml — Removed
minLength: 5fromUserProfile.secondEmailokta/models/user_profile.py — Removed
min_length=5fromsecond_emailfieldTesting
✅ Verified on live org by fetching a user with
secondEmailset to""(empty string)✅ User deserialization completes successfully without validation errors
✅
format: emailandmaxLength: 100constraints remain intact for non-empty values✅ No breaking changes — purely removes an incorrect restriction
Related Issues