Skip to content

Fix: Make userinfo and scope management endpoints optional in Okta Key Manager #1224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix: Make userinfo and scope management endpoints optional in Okta Key Manager #1224

wants to merge 1 commit into from

Conversation

@ranuka-laksika
Copy link

@ranuka-laksika ranuka-laksika commented Nov 12, 2025
edited by coderabbitai bot
Loading

Fixes wso2/api-manager#4159

Issue URL: wso2/api-manager#4159

Problem

The Admin Portal UI required "userinfo" and "scope management endpoints" fields when configuring Okta as a Key Manager, but according to the documentation these fields should be optional. This prevented users from proceeding without providing values for these optional fields.

Solution

Made the userinfo and scope management endpoints truly optional by:

  1. Removed userInfoEndpoint and scopeManagementEndpoint from the required fields validation in the hasErrors function
  2. Removed validation checks for these fields in the formHasErrors function
  3. Removed the red asterisk (*) indicator from the TextField labels for both endpoints in the UI

Changes Made

  • Modified: portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx
    • Lines 384-397: Removed userInfoEndpoint and scopeManagementEndpoint from the switch case in hasErrors function
    • Lines 481-491: Removed validation calls for these two endpoints in formHasErrors function
    • Lines 1250-1268: Removed required indicator (asterisk) and error validation from userInfoEndpoint TextField
    • Lines 1288-1308: Removed required indicator (asterisk) and error validation from scopeManagementEndpoint TextField

Build Information

  • Java 11 (Temurin-Hotspot)
  • Maven 3.6.3
  • Built component: portals/admin
  • Generated artifact: admin.war (22MB)

Artifacts Replaced

  • Frontend: Replaced admin folder in wso2am-4.6.0/repository/deployment/server/webapps/

Testing

No testing required for frontend changes (as per workflow guidelines for frontend-only changes)

Modified wso2am Pack Download

The complete modified wso2am-4.6.0 pack is available as a GitHub Actions artifact.

🔗 Download from GitHub Actions

Artifact Details:

  • Name: wso2am-4.6.0-issue-72.zip
  • How to Download:
    1. Click the link above
    2. Scroll to "Artifacts" section
    3. Download the zip file
    4. Extract and use directly

Contents: Complete wso2am pack with all updated artifacts ready to use.

Summary by CodeRabbit

Release Notes

  • Refactor
    • Simplified endpoint field handling in Key Manager configuration.
    • Removed required field validation for UserInfo Endpoint and Scope Management Endpoint fields.
    • Updated form label rendering for improved clarity.

@coderabbitai
Copy link

coderabbitai bot commented Nov 12, 2025
edited
Loading

Walkthrough

Removed validation and reducer update logic for userInfoEndpoint and scopeManagementEndpoint fields in the Okta Key Manager configuration form, making these fields optional per documentation. UI labels simplified by removing wrapper spans.

Changes

Cohort / File(s) Summary
Form Validation & State Management
portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx		 Removed userInfoEndpoint and scopeManagementEndpoint from reducer switch statement, eliminating automatic state updates for these fields via onChange dispatch. Removed both fields from form validation checks (formHasErrors and hasErrors), disabling required-field validation and error display.
UI Rendering
portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx		 Simplified label rendering by replacing <span> wrapper elements with direct FormattedMessage components for UserInfo Endpoint and Scope Management Endpoint fields.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

  • Attention areas:
    • Verify that removing reducer handling doesn't break existing state initialization or form submission flow
    • Confirm that fields remain accessible in UI for data entry but are genuinely optional (no hidden validation)
    • Ensure this change aligns with backend API expectations for these fields
    • Check if removal of validation causes orphaned field values during form submission

Poem

🐰 Endpoints once strict, now softly loose,
The UI sheds its chains of required use.
Optional at last, as docs decreed,
Validation cleared—let freedom proceed! ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: making userinfo and scope management endpoints optional in the Okta Key Manager, which directly addresses the PR's primary objective.
Linked Issues check ✅ Passed The PR successfully addresses all coding requirements from issue #4159: removes validation for userInfoEndpoint and scopeManagementEndpoint from hasErrors and formHasErrors, and removes required indicators from UI labels.
Out of Scope Changes check ✅ Passed All changes are directly scoped to the objective of making those two endpoints optional; no unrelated modifications are present in the changeset.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9eea9b0 and afda39f.

📒 Files selected for processing (1)
  • portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx (2 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-11-10T11:56:35.556Z 
Learnt from: O-sura
Repo: wso2/apim-apps PR: 1220
File: portals/publisher/src/main/webapp/source/src/app/data/Utils.js:780-795
Timestamp: 2025-11-10T11:56:35.556Z
Learning: In portals/publisher/src/main/webapp/source/src/app/data/Utils.js, the formatAndGetRoleByDomain function does not need null/undefined checks or trimming because it's only called in four controlled locations (CreateScope.jsx and EditScope.jsx in Apis/Details/Scopes and Scopes paths) after successful role validation through APIValidation.role.validate(base64url.encode(role)), and adding trimming could break compatibility with existing scopes that contain spaces.

Applied to files:

  • portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx
🔇 Additional comments (1)
portals/admin/src/main/webapp/source/src/app/components/KeyManagers/AddEditKeyManager.jsx (1)

1255-1268: Optional endpoints now align with docs

Nice cleanup—dropping the asterisk/error wiring plus removing these fields from hasErrors/formHasErrors lets the form submit without values, which matches the Okta Key Manager docs that list both endpoints as optional.(apim.docs.wso2.com)

Also applies to: 1293-1308

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Piumal1999
Piumal1999 reviewed Nov 26, 2025
View reviewed changes
Copy link
Contributor

@Piumal1999 Piumal1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, the frontend is hardcoded to make these two fields mandatory for all Key Manager types. We cannot make them optional universally, as some Key Managers require these fields to be mandatory.

Probable ways to fix:

  1. Hardcode the frontend to set the fields as mandatory or optional based on the Key Manager type (Example: make it optional if the key manager type is Okta). This is not recommended, as it will increase maintenance overhead and reduce flexibility for future Key Manager types.

  2. Fetch the Key Manager endpoint properties related to mandatory/optional fields from the backend and render the form dynamically based on that. (similar to how we handle connector configurations). Needs investigation to confirm the feasibility of this approach.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Piumal1999 Piumal1999 Piumal1999 left review comments

@lasanthaS lasanthaS Awaiting requested review from lasanthaS lasanthaS is a code owner

@Krishanx92 Krishanx92 Awaiting requested review from Krishanx92 Krishanx92 is a code owner

@tharikaGitHub tharikaGitHub Awaiting requested review from tharikaGitHub tharikaGitHub is a code owner

@piyumaldk piyumaldk Awaiting requested review from piyumaldk piyumaldk is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Conflict between UI and the documentation on required fields in Okta as a KM configuration

2 participants

@ranuka-laksika @Piumal1999