Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-okta for openSUSE:Factory checked in at 2026-05-14 21:45:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-okta (Old) and /work/SRC/openSUSE:Factory/.python-okta.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-okta" Thu May 14 21:45:54 2026 rev:8 rq:1353210 version:3.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-okta/python-okta.changes 2026-04-10 18:02:37.473648490 +0200 +++ /work/SRC/openSUSE:Factory/.python-okta.new.1966/python-okta.changes 2026-05-14 21:45:56.873975685 +0200 @@ -1,0 +2,12 @@ +Thu May 14 12:03:10 UTC 2026 - Martin Hauke <[email protected]> + +- Update to version 3.4.3 + * fix: remove required constraints from + SamlApplicationSettingsSignOn schema. +- Update to version 3.4.2 + * Fix: Security vulnerability in #527 +- Update to version 3.4.1 + * Fix: Primitive Fallback for oneOf Deserialization in Device + Assurance Models. + +------------------------------------------------------------------- Old: ---- okta-sdk-python-3.4.0.tar.gz New: ---- okta-sdk-python-3.4.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-okta.spec ++++++ --- /var/tmp/diff_new_pack.vTG4F0/_old 2026-05-14 21:45:57.882017008 +0200 +++ /var/tmp/diff_new_pack.vTG4F0/_new 2026-05-14 21:45:57.886017172 +0200 @@ -19,7 +19,7 @@ %{?sle15_python_module_pythons} Name: python-okta -Version: 3.4.0 +Version: 3.4.3 Release: 0 Summary: Python SDK for the Okta Management API License: Apache-2.0 ++++++ okta-sdk-python-3.4.0.tar.gz -> okta-sdk-python-3.4.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/.github/workflows/python-package.yml new/okta-sdk-python-3.4.3/.github/workflows/python-package.yml --- old/okta-sdk-python-3.4.0/.github/workflows/python-package.yml 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/.github/workflows/python-package.yml 2026-05-13 08:51:15.000000000 +0200 @@ -19,9 +19,9 @@ python-version: ["3.10", "3.11", "3.12", "3.13"] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/.github/workflows/python.yml new/okta-sdk-python-3.4.3/.github/workflows/python.yml --- old/okta-sdk-python-3.4.0/.github/workflows/python.yml 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/.github/workflows/python.yml 2026-05-13 08:51:15.000000000 +0200 @@ -16,9 +16,9 @@ python-version: ["3.10", "3.11", "3.12", "3.13"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/CHANGELOG.md new/okta-sdk-python-3.4.3/CHANGELOG.md --- old/okta-sdk-python-3.4.0/CHANGELOG.md 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/CHANGELOG.md 2026-05-13 08:51:15.000000000 +0200 @@ -1,5 +1,29 @@ # Okta Python SDK Changelog +# 3.4.3 + +## Bug Fixes +* Fixed a deserialization crash in `list_applications()` that occurred when processing partially configured SAML applications. The `SamlApplicationSettingsSignOn` schema was updated to remove overly strict `required` constraints on 10 fields (including `audience`, `idpIssuer`, `ssoAcsUrl`, and `recipient`), allowing the SDK to successfully parse valid API responses without throwing validation errors (#536). + +## Security & Dependencies +* Upgraded package dependencies to resolve flagged Dependabot security alerts (#537, #538). + +# 3.4.2 + +## Security +* Resolved Dependabot security alerts by upgrading runtime dependencies to their latest secure versions: `aenum` 3.1.16, `aiohttp` 3.13.4, `pydash` 8.0.6, `PyJWT` 2.12.0, `PyYAML` 6.0.3, `requests` 2.33.0, and `xmltodict` 1.0.2. ([#525](https://github.com/okta/okta-sdk-python/pull/525)) +* Upgraded `pytest` to 9.0.3 and `pytest-asyncio` to 1.3.0 to address security and vulnerability concerns. ([#527](https://github.com/okta/okta-sdk-python/pull/527)) + +## Changed +* Bumped development and testing dependencies: `flake8` 7.3.0, `pyfakefs` 5.10.2, `pytest-mock` 3.15.1, `pytest-recording` 0.13.4, `tox` 4.30.3, and `twine` 6.2.0. ([#525](https://github.com/okta/okta-sdk-python/pull/525)) +* Upgraded GitHub Actions to current major releases: `actions/checkout` v6 and `actions/setup-python` v6 to resolve Node.js runtime deprecation warnings. ([#525](https://github.com/okta/okta-sdk-python/pull/525)) +* Updated OpenAPI Generator mustache templates (`requirements.mustache`, `setup.mustache`, `pyproject.mustache`, `test-requirements.mustache`) to reflect the new dependency versions for consistent future code generation. ([#525](https://github.com/okta/okta-sdk-python/pull/525)) + +# 3.4.1 + +## Fixed +* Fixed Primitive Fallback for oneOf Deserialization in Device Assurance Model. + # 3.4.0 ## Added diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/docs/SamlApplicationSettingsSignOn.md new/okta-sdk-python-3.4.3/docs/SamlApplicationSettingsSignOn.md --- old/okta-sdk-python-3.4.0/docs/SamlApplicationSettingsSignOn.md 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/docs/SamlApplicationSettingsSignOn.md 2026-05-13 08:51:15.000000000 +0200 @@ -11,31 +11,31 @@ **assertion_encryption** | [**SamlAssertionEncryption**](SamlAssertionEncryption.md) | | [optional] **assertion_signed** | **bool** | Determines whether the SAML assertion is digitally signed | **attribute_statements** | [**List[SamlAttributeStatement]**](SamlAttributeStatement.md) | A list of custom attribute statements for the app's SAML assertion. See [SAML 2.0 Technical Overview](https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html). There are two types of attribute statements: | Type | Description | | ---- | ----------- | | EXPRESSION | Generic attribute statement that can be dynamic and supports [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language/) | | GROUP | Group attribute statement | | [optional] -**audience** | **str** | The entity ID of the SP. Use the entity ID value exactly as provided by the SP. | +**audience** | **str** | The entity ID of the SP. Use the entity ID value exactly as provided by the SP. | [optional] **audience_override** | **str** | Audience override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm). | [optional] -**authn_context_class_ref** | **str** | Identifies the SAML authentication context class for the assertion's authentication statement | +**authn_context_class_ref** | **str** | Identifies the SAML authentication context class for the assertion's authentication statement | [optional] **configured_attribute_statements** | [**List[SamlAttributeStatement]**](SamlAttributeStatement.md) | The list of dynamic attribute statements for the SAML assertion inherited from app metadata (apps from the OIN) during app creation. There are two types of attribute statements: `EXPRESSION` and `GROUP`. | [optional] **default_relay_state** | **str** | Identifies a specific application resource in an IdP-initiated SSO scenario | [optional] -**destination** | **str** | Identifies the location inside the SAML assertion where the SAML response should be sent | +**destination** | **str** | Identifies the location inside the SAML assertion where the SAML response should be sent | [optional] **destination_override** | **str** | Destination override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm). | [optional] -**digest_algorithm** | **str** | Determines the digest algorithm used to digitally sign the SAML assertion and response | +**digest_algorithm** | **str** | Determines the digest algorithm used to digitally sign the SAML assertion and response | [optional] **honor_force_authn** | **bool** | Set to `true` to prompt users for their credentials when a SAML request has the `ForceAuthn` attribute set to `true` | -**idp_issuer** | **str** | SAML Issuer ID | +**idp_issuer** | **str** | SAML Issuer ID | [optional] **inline_hooks** | [**List[SignOnInlineHook]**](SignOnInlineHook.md) | Associates the app with SAML inline hooks. See [the SAML assertion inline hook reference](https://developer.okta.com/docs/reference/saml-hook/). | [optional] **participate_slo** | [**SloParticipate**](SloParticipate.md) | | [optional] -**recipient** | **str** | The location where the app may present the SAML assertion | +**recipient** | **str** | The location where the app may present the SAML assertion | [optional] **recipient_override** | **str** | Recipient override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm). | [optional] **request_compressed** | **bool** | Determines whether the SAML request is expected to be compressed | **response_signed** | **bool** | Determines whether the SAML authentication response message is digitally signed by the IdP > **Note:** Either (or both) `responseSigned` or `assertionSigned` must be `TRUE`. | **saml_assertion_lifetime_seconds** | **int** | Determines the SAML app session lifetimes with Okta | [optional] -**signature_algorithm** | **str** | Determines the signing algorithm used to digitally sign the SAML assertion and response | +**signature_algorithm** | **str** | Determines the signing algorithm used to digitally sign the SAML assertion and response | [optional] **slo** | [**SingleLogout**](SingleLogout.md) | | [optional] **sp_certificate** | [**SamlSpCertificate**](SamlSpCertificate.md) | | [optional] **sp_issuer** | **str** | The issuer ID for the Service Provider. This property appears when SLO is enabled. | [optional] -**sso_acs_url** | **str** | Single Sign-On Assertion Consumer Service (ACS) URL | +**sso_acs_url** | **str** | Single Sign-On Assertion Consumer Service (ACS) URL | [optional] **sso_acs_url_override** | **str** | Assertion Consumer Service (ACS) URL override for CASB configuration. See [CASB config guide](https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm). | [optional] -**subject_name_id_format** | **str** | Identifies the SAML processing rules. Supported values: | -**subject_name_id_template** | **str** | Template for app user's username when a user is assigned to the app | +**subject_name_id_format** | **str** | Identifies the SAML processing rules. Supported values: | [optional] +**subject_name_id_template** | **str** | Template for app user's username when a user is assigned to the app | [optional] ## Example diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/okta/__init__.py new/okta-sdk-python-3.4.3/okta/__init__.py --- old/okta-sdk-python-3.4.0/okta/__init__.py 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/okta/__init__.py 2026-05-13 08:51:15.000000000 +0200 @@ -21,7 +21,7 @@ """ # noqa: E501 -__version__ = "3.4.0" +__version__ = "3.4.3" import importlib as _importlib import threading as _threading diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/okta/models/by_duration_expiry.py new/okta-sdk-python-3.4.3/okta/models/by_duration_expiry.py --- old/okta-sdk-python-3.4.0/okta/models/by_duration_expiry.py 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/okta/models/by_duration_expiry.py 2026-05-13 08:51:15.000000000 +0200 @@ -51,11 +51,11 @@ return value if not re.match( - r"^P(?:$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?:\d)(\d+H)?(\d+M)?(\d+S)?)?$", + r"^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$", value, ): raise ValueError( - r"must validate the regular expression /^P(?:$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?:\d)(\d+H)?(\d+M)?(\d+S)?)?$/" + r"must validate the regular expression /^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$/" ) return value diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/okta/models/grace_period_expiry.py new/okta-sdk-python-3.4.3/okta/models/grace_period_expiry.py --- old/okta-sdk-python-3.4.0/okta/models/grace_period_expiry.py 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/okta/models/grace_period_expiry.py 2026-05-13 08:51:15.000000000 +0200 @@ -130,6 +130,44 @@ except (ValidationError, ValueError) as e: error_messages.append(str(e)) + # If no match found and the data is a primitive value, retry by wrapping + # it into each oneOf schema's single-property structure. This handles API + # responses where a scalar is returned for a oneOf field whose schemas + # are single-property objects. + if match == 0: + try: + _parsed_value = json.loads(json_str) + except (json.JSONDecodeError, TypeError): + _parsed_value = None + if _parsed_value is not None and isinstance( + _parsed_value, (str, int, float, bool) + ): + _retry_error_messages = [] + # retry ByDateTimeExpiry with wrapped primitive + try: + _model_fields = list(ByDateTimeExpiry.model_fields.keys()) + if len(_model_fields) == 1: + instance.actual_instance = ByDateTimeExpiry.model_validate( + {_model_fields[0]: _parsed_value} + ) + match += 1 + except (ValidationError, ValueError) as e: + _retry_error_messages.append(str(e)) + # retry ByDurationExpiry with wrapped primitive + try: + _model_fields = list(ByDurationExpiry.model_fields.keys()) + if len(_model_fields) == 1: + instance.actual_instance = ByDurationExpiry.model_validate( + {_model_fields[0]: _parsed_value} + ) + match += 1 + except (ValidationError, ValueError) as e: + _retry_error_messages.append(str(e)) + if match > 0: + error_messages = _retry_error_messages + else: + error_messages.extend(_retry_error_messages) + if match > 1: # more than 1 match raise ValueError( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/okta/models/saml_application_settings_sign_on.py new/okta-sdk-python-3.4.3/okta/models/saml_application_settings_sign_on.py --- old/okta-sdk-python-3.4.0/okta/models/saml_application_settings_sign_on.py 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/okta/models/saml_application_settings_sign_on.py 2026-05-13 08:51:15.000000000 +0200 @@ -80,8 +80,9 @@ "statement | ", alias="attributeStatements", ) - audience: StrictStr = Field( - description="The entity ID of the SP. Use the entity ID value exactly as provided by the SP." + audience: Optional[StrictStr] = Field( + default=None, + description="The entity ID of the SP. Use the entity ID value exactly as provided by the SP.", ) audience_override: Optional[StrictStr] = Field( default=None, @@ -89,7 +90,8 @@ "https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).", alias="audienceOverride", ) - authn_context_class_ref: StrictStr = Field( + authn_context_class_ref: Optional[StrictStr] = Field( + default=None, description="Identifies the SAML authentication context class for the assertion's authentication statement", alias="authnContextClassRef", ) @@ -104,8 +106,9 @@ description="Identifies a specific application resource in an IdP-initiated SSO scenario", alias="defaultRelayState", ) - destination: StrictStr = Field( - description="Identifies the location inside the SAML assertion where the SAML response should be sent" + destination: Optional[StrictStr] = Field( + default=None, + description="Identifies the location inside the SAML assertion where the SAML response should be sent", ) destination_override: Optional[StrictStr] = Field( default=None, @@ -113,7 +116,8 @@ "https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).", alias="destinationOverride", ) - digest_algorithm: StrictStr = Field( + digest_algorithm: Optional[StrictStr] = Field( + default=None, description="Determines the digest algorithm used to digitally sign the SAML assertion and response", alias="digestAlgorithm", ) @@ -122,7 +126,9 @@ "set to `true`", alias="honorForceAuthn", ) - idp_issuer: StrictStr = Field(description="SAML Issuer ID", alias="idpIssuer") + idp_issuer: Optional[StrictStr] = Field( + default=None, description="SAML Issuer ID", alias="idpIssuer" + ) inline_hooks: Optional[List[SignOnInlineHook]] = Field( default=None, description="Associates the app with SAML inline hooks. See [the SAML assertion inline hook reference](" @@ -132,8 +138,9 @@ participate_slo: Optional[SloParticipate] = Field( default=None, alias="participateSlo" ) - recipient: StrictStr = Field( - description="The location where the app may present the SAML assertion" + recipient: Optional[StrictStr] = Field( + default=None, + description="The location where the app may present the SAML assertion", ) recipient_override: Optional[StrictStr] = Field( default=None, @@ -155,7 +162,8 @@ description="Determines the SAML app session lifetimes with Okta", alias="samlAssertionLifetimeSeconds", ) - signature_algorithm: StrictStr = Field( + signature_algorithm: Optional[StrictStr] = Field( + default=None, description="Determines the signing algorithm used to digitally sign the SAML assertion and response", alias="signatureAlgorithm", ) @@ -168,7 +176,8 @@ description="The issuer ID for the Service Provider. This property appears when SLO is enabled.", alias="spIssuer", ) - sso_acs_url: StrictStr = Field( + sso_acs_url: Optional[StrictStr] = Field( + default=None, description="Single Sign-On Assertion Consumer Service (ACS) URL", alias="ssoAcsUrl", ) @@ -178,11 +187,13 @@ "https://help.okta.com/en-us/Content/Topics/Apps/CASB-config-guide.htm).", alias="ssoAcsUrlOverride", ) - subject_name_id_format: StrictStr = Field( + subject_name_id_format: Optional[StrictStr] = Field( + default=None, description="Identifies the SAML processing rules. Supported values:", alias="subjectNameIdFormat", ) - subject_name_id_template: StrictStr = Field( + subject_name_id_template: Optional[StrictStr] = Field( + default=None, description="Template for app user's username when a user is assigned to the app", alias="subjectNameIdTemplate", ) @@ -222,6 +233,9 @@ @field_validator("authn_context_class_ref") def authn_context_class_ref_validate_enum(cls, value): """Validates the enum""" + if value is None: + return value + if value not in set( [ "urn:federation:authentication:windows", @@ -245,6 +259,9 @@ @field_validator("digest_algorithm") def digest_algorithm_validate_enum(cls, value): """Validates the enum""" + if value is None: + return value + if value not in set(["SHA1", "SHA256"]): raise ValueError("must be one of enum values ('SHA1', 'SHA256')") return value @@ -252,6 +269,9 @@ @field_validator("signature_algorithm") def signature_algorithm_validate_enum(cls, value): """Validates the enum""" + if value is None: + return value + if value not in set(["RSA_SHA1", "RSA_SHA256"]): raise ValueError("must be one of enum values ('RSA_SHA1', 'RSA_SHA256')") return value @@ -259,6 +279,9 @@ @field_validator("subject_name_id_format") def subject_name_id_format_validate_enum(cls, value): """Validates the enum""" + if value is None: + return value + if value not in set( [ "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/api.yaml new/okta-sdk-python-3.4.3/openapi/api.yaml --- old/okta-sdk-python-3.4.0/openapi/api.yaml 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/api.yaml 2026-05-13 08:51:15.000000000 +0200 @@ -62100,7 +62100,7 @@ value: type: string description: A time duration in ISO 8601 duration format. - pattern: ^P(?:$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?:\d)(\d+H)?(\d+M)?(\d+S)?)?$ + pattern: ^P(?!$)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+S)?)?$ CAPTCHAInstance: title: CAPTCHAInstance description: '' @@ -65855,6 +65855,7 @@ type: object properties: expiry: + x-okta-primitive-fallback: true oneOf: - $ref: '#/components/schemas/ByDateTimeExpiry' - $ref: '#/components/schemas/ByDurationExpiry' @@ -77142,19 +77143,9 @@ required: - allowMultipleAcsEndpoints - assertionSigned - - audience - - authnContextClassRef - - destination - - digestAlgorithm - honorForceAuthn - - idpIssuer - - recipient - requestCompressed - responseSigned - - signatureAlgorithm - - ssoAcsUrl - - subjectNameIdFormat - - subjectNameIdTemplate SamlAssertionEncryption: description: Determines if the app supports encrypted assertions type: object diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/config.yaml new/okta-sdk-python-3.4.3/openapi/config.yaml --- old/okta-sdk-python-3.4.0/openapi/config.yaml 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/config.yaml 2026-05-13 08:51:15.000000000 +0200 @@ -1,7 +1,7 @@ templateDir: ./templates outputDir: .. packageName: okta -packageVersion: 3.4.0 +packageVersion: 3.4.3 useOneOfDiscriminatorLookup: true files: okta/okta_configuration.mustache: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/templates/model_oneof.mustache new/okta-sdk-python-3.4.3/openapi/templates/model_oneof.mustache --- old/okta-sdk-python-3.4.0/openapi/templates/model_oneof.mustache 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/templates/model_oneof.mustache 2026-05-13 08:51:15.000000000 +0200 @@ -167,6 +167,40 @@ {{/isContainer}} {{/composedSchemas.oneOf}} + {{#vendorExtensions.x-okta-primitive-fallback}} + # If no match found and the data is a primitive value, retry by wrapping + # it into each oneOf schema's single-property structure. This handles API + # responses where a scalar is returned for a oneOf field whose schemas + # are single-property objects. + if match == 0: + try: + _parsed_value = json.loads(json_str) + except (json.JSONDecodeError, TypeError): + _parsed_value = None + if _parsed_value is not None and isinstance(_parsed_value, (str, int, float, bool)): + _retry_error_messages = [] + {{#composedSchemas.oneOf}} + {{^isContainer}} + {{^isPrimitiveType}} + {{! Only retry non-primitive, non-container schemas. Primitive oneOf + schemas would have already matched during the initial attempt above. }} + # retry {{{dataType}}} with wrapped primitive + try: + _model_fields = list({{{dataType}}}.model_fields.keys()) + if len(_model_fields) == 1: + instance.actual_instance = {{{dataType}}}.model_validate({_model_fields[0]: _parsed_value}) + match += 1 + except (ValidationError, ValueError) as e: + _retry_error_messages.append(str(e)) + {{/isPrimitiveType}} + {{/isContainer}} + {{/composedSchemas.oneOf}} + if match > 0: + error_messages = _retry_error_messages + else: + error_messages.extend(_retry_error_messages) + {{/vendorExtensions.x-okta-primitive-fallback}} + if match > 1: # more than 1 match raise ValueError("Multiple matches found when deserializing the JSON string into {{{classname}}} with oneOf schemas: {{#oneOf}}{{{.}}}{{^-last}}, {{/-last}}{{/oneOf}}. Details: " + ", ".join(error_messages)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/templates/pyproject.mustache new/okta-sdk-python-3.4.3/openapi/templates/pyproject.mustache --- old/okta-sdk-python-3.4.0/openapi/templates/pyproject.mustache 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/templates/pyproject.mustache 2026-05-13 08:51:15.000000000 +0200 @@ -29,9 +29,9 @@ typing-extensions = ">=4.7.1" [tool.poetry.dev-dependencies] -pytest = ">=7.2.1" -tox = ">=3.9.0" -flake8 = ">=4.0.0" +pytest = ">=9.0.3" +tox = ">=4.30.3" +flake8 = ">=7.3.0" types-python-dateutil = ">=2.8.19.14" mypy = "1.4.1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/templates/requirements.mustache new/okta-sdk-python-3.4.3/openapi/templates/requirements.mustache --- old/okta-sdk-python-3.4.0/openapi/templates/requirements.mustache 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/templates/requirements.mustache 2026-05-13 08:51:15.000000000 +0200 @@ -1,22 +1,22 @@ -aenum==3.1.11 -aiohttp==3.12.14 +aenum==3.1.17 +aiohttp==3.13.5 blinker==1.9.0 -jwcrypto==1.5.6 +jwcrypto==1.5.7 pycryptodomex==3.23.0 pydantic==2.11.3 -pydash==8.0.5 -PyJWT==2.10.1 +pydash==8.0.6 +PyJWT==2.12.1 python-dateutil==2.9.0.post0 -PyYAML==6.0.2 -requests==2.32.3 -xmltodict==0.14.2 +PyYAML==6.0.3 +requests==2.33.0 +xmltodict==1.0.4 # Development & Testing Tools -flake8==7.1.2 -pyfakefs==5.8.0 -pytest==8.3.5 -pytest-asyncio==0.26.0 -pytest-mock==3.14.0 -pytest-recording==0.13.2 -tox==4.24.2 -twine==6.1.0 +flake8==7.3.0 +pyfakefs==5.10.2 +pytest==9.0.3 +pytest-asyncio==1.3.0 +pytest-mock==3.15.1 +pytest-recording==0.13.4 +tox==4.30.3 +twine==6.2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/templates/setup.mustache new/okta-sdk-python-3.4.3/openapi/templates/setup.mustache --- old/okta-sdk-python-3.4.0/openapi/templates/setup.mustache 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/templates/setup.mustache 2026-05-13 08:51:15.000000000 +0200 @@ -33,18 +33,18 @@ NAME = "okta" PYTHON_REQUIRES = ">=3.10" REQUIRES = [ - "aenum >= 3.1.11", - "aiohttp >= 3.12.14", + "aenum >= 3.1.17", + "aiohttp >= 3.13.5", "blinker >= 1.9.0", - 'jwcrypto >= 1.5.6', + 'jwcrypto >= 1.5.7', "pycryptodomex >= 3.23.0", "pydantic >= 2.11.3", - "pydash >= 8.0.5", - "PyJWT >= 2.10.1", + "pydash >= 8.0.6", + "PyJWT >= 2.12.1", "python-dateutil >= 2.9.0.post0", - "PyYAML >= 6.0.2", - "requests >= 2.32.3", - "xmltodict >= 0.14.2", + "PyYAML >= 6.0.3", + "requests >= 2.33.0", + "xmltodict >= 1.0.4", ] def get_version(): @@ -70,7 +70,7 @@ "Topic :: Software Development :: Libraries :: Python Modules", ], name=NAME, - version="3.4.0", + version="3.4.3", description="Python SDK for the Okta Management API", author="Okta, Inc.", author_email="[email protected]", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/openapi/templates/test-requirements.mustache new/okta-sdk-python-3.4.3/openapi/templates/test-requirements.mustache --- old/okta-sdk-python-3.4.0/openapi/templates/test-requirements.mustache 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/openapi/templates/test-requirements.mustache 2026-05-13 08:51:15.000000000 +0200 @@ -1,5 +1,5 @@ -pytest~=7.1.3 -pytest-cov>=2.8.1 -pytest-randomly>=3.12.0 +pytest~=9.0.3 +pytest-cov>=7.1.0 +pytest-randomly>=4.0.1 mypy>=1.4.1 types-python-dateutil>=2.8.19 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/pyproject.toml new/okta-sdk-python-3.4.3/pyproject.toml --- old/okta-sdk-python-3.4.0/pyproject.toml 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/pyproject.toml 2026-05-13 08:51:15.000000000 +0200 @@ -1,6 +1,6 @@ [tool.poetry] name = "okta" -version = "3.4.0" +version = "3.4.3" description = "Okta Admin Management" authors = ["Okta Developer Team <[email protected]>"] license = "Apache-2.0" @@ -18,9 +18,9 @@ typing-extensions = ">=4.7.1" [tool.poetry.dev-dependencies] -pytest = ">=7.2.1" -tox = ">=3.9.0" -flake8 = ">=4.0.0" +pytest = ">=9.0.3" +tox = ">=4.30.3" +flake8 = ">=7.3.0" types-python-dateutil = ">=2.8.19.14" mypy = "1.4.1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/requirements.txt new/okta-sdk-python-3.4.3/requirements.txt --- old/okta-sdk-python-3.4.0/requirements.txt 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/requirements.txt 2026-05-13 08:51:15.000000000 +0200 @@ -1,22 +1,22 @@ -aenum==3.1.11 -aiohttp==3.12.14 +aenum==3.1.17 +aiohttp==3.13.5 blinker==1.9.0 -jwcrypto==1.5.6 +jwcrypto==1.5.7 pycryptodomex==3.23.0 pydantic==2.11.3 -pydash==8.0.5 -PyJWT==2.10.1 +pydash==8.0.6 +PyJWT==2.12.1 python-dateutil==2.9.0.post0 -PyYAML==6.0.2 -requests==2.32.3 -xmltodict==0.14.2 +PyYAML==6.0.3 +requests==2.33.0 +xmltodict==1.0.4 # Development & Testing Tools -flake8==7.1.2 -pyfakefs==5.8.0 -pytest==8.3.5 -pytest-asyncio==0.26.0 -pytest-mock==3.14.0 -pytest-recording==0.13.2 -tox==4.24.2 -twine==6.1.0 +flake8==7.3.0 +pyfakefs==5.10.2 +pytest==9.0.3 +pytest-asyncio==1.3.0 +pytest-mock==3.15.1 +pytest-recording==0.13.4 +tox==4.30.3 +twine==6.2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/setup.py new/okta-sdk-python-3.4.3/setup.py --- old/okta-sdk-python-3.4.0/setup.py 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/setup.py 2026-05-13 08:51:15.000000000 +0200 @@ -33,18 +33,18 @@ NAME = "okta" PYTHON_REQUIRES = ">=3.10" REQUIRES = [ - "aenum >= 3.1.11", - "aiohttp >= 3.12.14", + "aenum >= 3.1.17", + "aiohttp >= 3.13.5", "blinker >= 1.9.0", - 'jwcrypto >= 1.5.6', + 'jwcrypto >= 1.5.7', "pycryptodomex >= 3.23.0", "pydantic >= 2.11.3", - "pydash >= 8.0.5", - "PyJWT >= 2.10.1", + "pydash >= 8.0.6", + "PyJWT >= 2.12.1", "python-dateutil >= 2.9.0.post0", - "PyYAML >= 6.0.2", - "requests >= 2.32.3", - "xmltodict >= 0.14.2", + "PyYAML >= 6.0.3", + "requests >= 2.33.0", + "xmltodict >= 1.0.4", ] def get_version(): @@ -70,7 +70,7 @@ "Topic :: Software Development :: Libraries :: Python Modules", ], name=NAME, - version="3.4.0", + version="3.4.3", description="Python SDK for the Okta Management API", author="Okta, Inc.", author_email="[email protected]", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/okta-sdk-python-3.4.0/test-requirements.txt new/okta-sdk-python-3.4.3/test-requirements.txt --- old/okta-sdk-python-3.4.0/test-requirements.txt 2026-04-08 10:47:56.000000000 +0200 +++ new/okta-sdk-python-3.4.3/test-requirements.txt 2026-05-13 08:51:15.000000000 +0200 @@ -1,5 +1,5 @@ -pytest~=7.1.3 -pytest-cov>=2.8.1 -pytest-randomly>=3.12.0 +pytest~=9.0.3 +pytest-cov>=7.1.0 +pytest-randomly>=4.0.1 mypy>=1.4.1 types-python-dateutil>=2.8.19
