OpenAPI spec does not allow nullable `identity` in `session` model
ngc7293 opened this issue · comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
When contacting the PATCH /session/:id/extend
endpoint, the identity
field of the session
object is not expanded and is serialized as null. This is does not align with the generated OpenAPI spec since null
is not of type Identity
.
This is especially problematic for autogenerated SDKs that will raise an unexpected error when deserializing the response.
Reproducing the bug
docker compose -f quickstart up
- Using the Python SDK this code can systematically reproduce the issue:
from ory_kratos_client.api_client import ApiClient
from ory_kratos_client.configuration import Configuration
from ory_kratos_client.api.identity_api import IdentityApi
from ory_kratos_client.api.frontend_api import FrontendApi
from ory_kratos_client.model.create_identity_body import CreateIdentityBody
from ory_kratos_client.model.identity_with_credentials import IdentityWithCredentials
from ory_kratos_client.model.identity_with_credentials_password import IdentityWithCredentialsPassword
from ory_kratos_client.model.identity_with_credentials_password_config import IdentityWithCredentialsPasswordConfig
from ory_kratos_client.model.update_login_flow_body import UpdateLoginFlowBody
public = FrontendApi(ApiClient(Configuration(host="http://localhost:4433")))
admin = IdentityApi(ApiClient(Configuration(host="http://localhost:4434")))
identity = admin.create_identity(create_identity_body=CreateIdentityBody(
schema_id="default",
traits={
"email": "test@example.com",
"name": {
"first": "Foo",
"last": "bar"
},
},
credentials=IdentityWithCredentials(
password=IdentityWithCredentialsPassword(
config=IdentityWithCredentialsPasswordConfig(
password="password"
)
)
)
))
flow = public.create_native_login_flow()
login = public.update_login_flow(
flow=flow.id,
update_login_flow_body=UpdateLoginFlowBody(
method="password",
identifier="test@example.com",
password="password"
)
)
try:
admin.extend_session(login.session.id)
except Exception as e:
print(e) # Will
admin.delete_identity(identity.id)
The print statement will output
Invalid type for variable 'identity'. Required value type is Identity and passed type was NoneType at ['received_data']['identity']
Relevant log output
No response
Relevant configuration
No response
Version
master, 1.1.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Binary
Additional Context
No response