Releases: onelogin/onelogin-python-sdk
Release list
4.0.1
Bug Fixes
remove_role_users/remove_role_admins(DELETE /api/2/roles/{role_id}/usersand.../admins): both methods were broken since the SDK was generated — they serialized the body as{"user_id": [...]}, but the API parses these endpoints with a strict array parser and rejects the object form with 400"Expected array in request"(issue #134). The siblingadd_role_usershad the correct raw-array body all along; the OpenAPI spec transcribed the wrong shape for the DELETEs. Both methods now send a raw JSON array (e.g.[123, 456]) and accept a plainList[int], matchingadd_role_users. Passing aRemoveRoleUsersRequestis still accepted for backward compatibility and is unwrapped to the raw array before sending; the class is now documented as deprecated.
4.0.0
Breaking Changes
Removes six orphan model classes that the original OpenAPI Generator produced but no SDK API method ever deserialized into, accepted as input, or composed into a live model. They had been re-exported from onelogin/__init__.py historically.
Removed classes:
CreatePrivilege200Response— the livecreate_privilegeendpoint returnsPrivilegedirectly; this model was never bound to that endpoint.ListPrivelegeRoles200Response— misspelled twin of the liveListPrivilegeRoles200Response(note "Privilege" vs "Privelege"); generator artifact.Locale— never referenced by any endpoint or composed by any other model.OidcAppAllOf— OpenAPI GeneratorallOf-inheritance artifact; the user-facingOidcAppclass remains and is still live (viaCreateAppRequest'soneOf).SamlAppAllOf— same as above forSamlApp.Verb— generated event-type enum; no endpoint emitted or consumed it.
Migration: callers importing any of these directly (e.g. from onelogin import Verb) need to either update their code to stop importing the unused class, or pin to the 3.x stream:
pip install "onelogin~=3.2"(3.2.9 is the latest patch in that stream and contains all bug fixes up to and including this release.)
Context
This is the final release in a day-long maintainability sweep that excised generator-era debt from the SDK. The full arc:
- #127 — strip stale "auto-generated, do not edit" boilerplate
- #129 — delete 178 assertion-less stub test files (real test count: 66)
- #130 — add
ruffto CI; fix two latentNameErrorbugs inAuthMethod.from_json/Verb.from_json; bump action versions - #131 (3.2.9) — fix
AuthServer.descriptionnullability - #132 (this release) — delete orphan model classes
- #133 — clean up README inaccuracies
PRs: #132 (delete orphan model classes, bump to 4.0.0).
3.2.9
Bug Fixes
get_authorization_server(GET /api/2/api_authorizations/{id}): Auth servers are implemented as Apps rows withauth_type=9. The underlyingapps.descriptioncolumn is nullable in core-api, so the endpoint returns"description": nullfor any auth server created without a description. The SDK had typedAuthServer.descriptionas requiredStrictStr, causing pydanticValidationErroron those responses.descriptionis nowOptional[StrictStr](defaulting toNone), so null/absent descriptions deserialize correctly. The existingexclude_none=Trueinto_dictdrops it from request bodies when unset.
PRs: #131 (allow null description on AuthServer responses).
Discovered via the StrictField nullability audit run after #130 merged.
3.2.8
Bug Fixes
update_mapping(PUT /api/2/mappings/{mapping_id}): Updating a mapping to setstatustodisabled(i.e.enabled: false) failed with a pydanticValidationErrorbecause the API returnsnullforpositionon disabled mappings, butpositionwas typed as the required non-nullableStrictInt.positionis nowOptional[StrictInt](defaulting toNone), so disabled-mapping responses deserialize correctly. The existingexclude_none=Trueinto_dictensuresnullpositions are omitted from update request bodies, preventing the API's 422 "Position cannot be set while the mapping is not enabled" error.
PRs: #126 (allow null position in Mapping for disabled mappings).
Fixes: #125.
3.2.7
Bug Fixes
create_mapping(POST /api/2/mappings): Successful creates were raisingpydantic.ValidationErrorbecause the API returns a partial payload ({"id": ...}) whileMappingrequiresname,enabled,match,position,conditions, andactions.Mapping.from_dictnow keeps strict validation as the default but falls back tomodel_constructfor the narrow id-only case, so successful creates return aMappingwithidpopulated instead of raising. All other malformed/partial payloads (including{"id": null}) still raise the originalValidationError. Callers that need the full mapping should follow up withget_mapping(result.id).
Note: this fix is a hand-edit in generated
onelogin/models/mapping.pyand must be preserved/re-applied on future OpenAPI regenerations unless moved into the generator/spec output.
PRs: #122 (id-only fallback in Mapping.from_dict + docstring + negative-case tests), #123 (changelog correction).
3.2.6
Bug Fixes
create_role(POST /api/2/roles): Fixed a pydanticValidationErrorthat occurred when the SDK tried to deserialize the 201 response. The API returns a single object{"id": ...}, but the SDK had declared the return type asList[CreateRole201ResponseInner]. The deserializer iterated over the dict keys, passing the string'id'tofrom_dict, which pydantic rejected. The return type is now correctlyCreateRole201ResponseInner.create_mapping(POST /api/2/mappings): Fixed the same class of bug. The API returns a singleMappingobject, but the SDK had declaredList[Mapping]. This also led to user confusion: the'id'string in the error message was misread as a required field, causing users to includeidin the request body, which the server rejected with"Field is not allowed". The return type is now correctlyMapping.
Other Changes
- Replaced all uses of the deprecated Pydantic v2
parse_objmethod withmodel_validateand all uses ofself.dict()withself.model_dump()across all model files, eliminating all remaining deprecated Pydantic v2 API usage in the models package.
PRs: #119 (fixes + deprecation cleanup), #120 (version bump correction).
3.2.5
What's Changed
- Restore LICENSE file removed in v3.1.1 by @dvir-cyber in #117
New Contributors
- @dvir-cyber made their first contribution in #117
Full Changelog: 3.2.4...3.2.5
3.2.4
What's Changed
- Update Python version matrix to 3.10-3.13 by @Copilot in #115
- Fix type validation errors in User model and get_auth_factors API by @Copilot in #114
Full Changelog: 3.2.3...3.2.4
3.2.3
What's Changed
- Fix missing OAuth2 authentication for create_user2 and update_user2 methods by @Copilot in #112
Full Changelog: 3.2.2...3.2.3
3.2.2
What's Changed
- Fix version number mismatch: Update to 3.2.1 in pyproject.toml and init.py by @Copilot in #108
- Add custom_attributes field support to User model by @Copilot in #110
Full Changelog: 3.2.1...3.2.2