While building a TypeScript OAuth Authorization Server on top of @authlete/typescript-sdk, I hit following three issues on the latest SDK:
1. ticket/update — info field has the wrong type
The SDK types info as a string, but the live API requires info: { context: string } (same shape that ticket/info returns).
What happens: sending the string form returns A126202 — invalid value for field '$.info'. Zod validates the request before sending, so as any doesn't help. I had to drop down to fetch for this one endpoint.
Suggested fix: retype info in the OpenAPI spec.
2. federation/configuration — can't send entityTypes filter
FederationConfigurationApiRequestBody is generated as an empty {}, so there's no way to pass the entityTypes filter. The Java reference sends entityTypes: [\"OPENID_PROVIDER\", \"OPENID_CREDENTIAL_ISSUER\"].
What happens: I just can't pass the filter. Authlete falls back to emitting all enabled types, which works fine for me — but it's not canonical with the Java behavior.
Suggested fix: add entityTypes?: EntityType[] to the request body schema.
3. federation/configuration — requestBody is typed optional but isn't really
requestBody is ?: ... on the request type. If I omit it, the SDK still sets Content-Type: application/json but sends no body.
What happens: Authlete returns 400 (it needs a JSON body when Content-Type says JSON), and the SDK throws AuthleteError. Easy to miss because the type says it's optional.
Workaround: explicitly pass requestBody: {}.
Suggested fix: either default requestBody to {} before sending, or make it non-optional in the type.
While building a TypeScript OAuth Authorization Server on top of
@authlete/typescript-sdk, I hit following three issues on the latest SDK:1.
ticket/update—infofield has the wrong typeThe SDK types
infoas astring, but the live API requiresinfo: { context: string }(same shape thatticket/inforeturns).What happens: sending the string form returns
A126202 — invalid value for field '$.info'. Zod validates the request before sending, soas anydoesn't help. I had to drop down tofetchfor this one endpoint.Suggested fix: retype
infoin the OpenAPI spec.2.
federation/configuration— can't sendentityTypesfilterFederationConfigurationApiRequestBodyis generated as an empty{}, so there's no way to pass theentityTypesfilter. The Java reference sendsentityTypes: [\"OPENID_PROVIDER\", \"OPENID_CREDENTIAL_ISSUER\"].What happens: I just can't pass the filter. Authlete falls back to emitting all enabled types, which works fine for me — but it's not canonical with the Java behavior.
Suggested fix: add
entityTypes?: EntityType[]to the request body schema.3.
federation/configuration—requestBodyis typed optional but isn't reallyrequestBodyis?: ...on the request type. If I omit it, the SDK still setsContent-Type: application/jsonbut sends no body.What happens: Authlete returns 400 (it needs a JSON body when Content-Type says JSON), and the SDK throws
AuthleteError. Easy to miss because the type says it's optional.Workaround: explicitly pass
requestBody: {}.Suggested fix: either default
requestBodyto{}before sending, or make it non-optional in the type.