Fix: Make userinfo and scope management endpoints optional in Okta Key Manager

[ranuka-laksika]

Fixes wso2/api-manager#4159

Issue URL: wso2/api-manager#4159

Problem

The Admin Portal UI required "userinfo" and "scope management endpoints" fields when configuring Okta as a Key Manager, but according to the documentation these fields should be optional. This prevented users from proceeding without providing values for these optional fields.

Solution

Made the userinfo and scope management endpoints truly optional by:

1. Removed userInfoEndpoint and scopeManagementEndpoint from the required fields validation in the hasErrors function
2. Removed validation checks for these fields in the formHasErrors function
3. Removed the red asterisk (*) indicator from the TextField labels for both endpoints in the UI

Changes Made

• Modified: portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx
  • Lines 384-397: Removed userInfoEndpoint and scopeManagementEndpoint from the switch case in hasErrors function
  • Lines 481-491: Removed validation calls for these two endpoints in formHasErrors function
  • Lines 1250-1268: Removed required indicator (asterisk) and error validation from userInfoEndpoint TextField
  • Lines 1288-1308: Removed required indicator (asterisk) and error validation from scopeManagementEndpoint TextField

Build Information

• Java 11 (Temurin-Hotspot)
• Maven 3.6.3
• Built component: portals/admin
• Generated artifact: admin.war (22MB)

Artifacts Replaced

• Frontend: Replaced admin folder in wso2am-4.6.0/repository/deployment/server/webapps/

Testing

No testing required for frontend changes (as per workflow guidelines for frontend-only changes)

Modified wso2am Pack Download

The complete modified wso2am-4.6.0 pack is available as a GitHub Actions artifact.

🔗 Download from GitHub Actions

Artifact Details:

• Name: wso2am-4.6.0-issue-72.zip
• How to Download:
  1. Click the link above
  2. Scroll to "Artifacts" section
  3. Download the zip file
  4. Extract and use directly

Contents: Complete wso2am pack with all updated artifacts ready to use.

Summary by CodeRabbit

Release Notes

• Refactor
  • Simplified endpoint field handling in Key Manager configuration.
  • Removed required field validation for UserInfo Endpoint and Scope Management Endpoint fields.
  • Updated form label rendering for improved clarity.

[coderabbitai]

Walkthrough

Removed validation and reducer update logic for userInfoEndpoint and scopeManagementEndpoint fields in the Okta Key Manager configuration form, making these fields optional per documentation. UI labels simplified by removing wrapper spans.

Changes

Cohort / File(s)	Summary
Form Validation & State Management portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx	Removed userInfoEndpoint and scopeManagementEndpoint from reducer switch statement, eliminating automatic state updates for these fields via onChange dispatch. Removed both fields from form validation checks (formHasErrors and hasErrors), disabling required-field validation and error display.
UI Rendering portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx	Simplified label rendering by replacing <span> wrapper elements with direct FormattedMessage components for UserInfo Endpoint and Scope Management Endpoint fields.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Attention areas:
  • Verify that removing reducer handling doesn't break existing state initialization or form submission flow
  • Confirm that fields remain accessible in UI for data entry but are genuinely optional (no hidden validation)
  • Ensure this change aligns with backend API expectations for these fields
  • Check if removal of validation causes orphaned field values during form submission

Poem

🐰 Endpoints once strict, now softly loose,
The UI sheds its chains of required use.
Optional at last, as docs decreed,
Validation cleared—let freedom proceed! ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: making userinfo and scope management endpoints optional in the Okta Key Manager, which directly addresses the PR's primary objective.
Linked Issues check	✅ Passed	The PR successfully addresses all coding requirements from issue #4159: removes validation for userInfoEndpoint and scopeManagementEndpoint from hasErrors and formHasErrors, and removes required indicators from UI labels.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to the objective of making those two endpoints optional; no unrelated modifications are present in the changeset.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9eea9b0 and afda39f.

📒 Files selected for processing (1)

• portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-11-10T11:56:35.556Z

Learnt from: O-sura
Repo: wso2/apim-apps PR: 1220
File: portals/publisher/src/main/webapp/source/src/app/data/Utils.js:780-795
Timestamp: 2025-11-10T11:56:35.556Z
Learning: In portals/publisher/src/main/webapp/source/src/app/data/Utils.js, the formatAndGetRoleByDomain function does not need null/undefined checks or trimming because it's only called in four controlled locations (CreateScope.jsx and EditScope.jsx in Apis/Details/Scopes and Scopes paths) after successful role validation through APIValidation.role.validate(base64url.encode(role)), and adding trimming could break compatibility with existing scopes that contain spaces.

Applied to files:

• portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx

🔇 Additional comments (1)

portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx (1)

1255-1268: Optional endpoints now align with docs

Nice cleanup—dropping the asterisk/error wiring plus removing these fields from hasErrors/formHasErrors lets the form submit without values, which matches the Okta Key Manager docs that list both endpoints as optional.(apim.docs.wso2.com)

Also applies to: 1293-1308

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Piumal1999]

Currently, the frontend is hardcoded to make these two fields mandatory for all Key Manager types. We cannot make them optional universally, as some Key Managers require these fields to be mandatory.

Probable ways to fix:

1. Hardcode the frontend to set the fields as mandatory or optional based on the Key Manager type (Example: make it optional if the key manager type is Okta). This is not recommended, as it will increase maintenance overhead and reduce flexibility for future Key Manager types.

2. Fetch the Key Manager endpoint properties related to mandatory/optional fields from the backend and render the form dynamically based on that. (similar to how we handle connector configurations). Needs investigation to confirm the feasibility of this approach.