Fix duplicate client-uuid path parameter in OpenAPI spec#46016
Merged
ahus1 merged 1 commit intokeycloak:mainfrom Feb 16, 2026
Merged
Fix duplicate client-uuid path parameter in OpenAPI spec#46016ahus1 merged 1 commit intokeycloak:mainfrom
ahus1 merged 1 commit intokeycloak:mainfrom
Conversation
62bd168 to
3a1dc02
Compare
Rename {client-uuid} to {targetClientUuid} in RoleContainerResource to
avoid duplicate parameter names when the resource is mounted under
ClientResource. {clientUuid} is not sufficient because code generators
normalise {client-uuid} from the parent path to clientUuid as well.
Closes keycloak#46015
Signed-off-by: Zorian Motso <zorianmotso@gmail.com>
3a1dc02 to
1ad5f17
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #46015
The endpoint
GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/clients/{client-uuid}contains two path parameters with the same name{client-uuid}, which produces an invalid OpenAPI specification.This breaks OpenAPI code generators like oapi-codegen that rely on unique parameter names per path.
Solution
Rename
{client-uuid}to{targetClientUuid}inRoleContainerResource.java.{clientUuid}is not sufficient because most code generators normalise{client-uuid}(from the parent path) toclientUuidas well, which would still produce a collision.{targetClientUuid}makes the semantics clear: it refers to the client whose roles are being queried as composites, not the client that owns the role.Impact
This is a non-breaking change: