fix(backend): Align enterprise connection create and update params with the Backend API#9155
fix(backend): Align enterprise connection create and update params with the Backend API#9155manovotny wants to merge 5 commits into
Conversation
…onParams The Backend API validates provider as required on enterprise connection creation, so calls without it type-checked but failed at runtime. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ntract Reuses the OrganizationEnterpriseConnectionProvider union from @clerk/shared/types (matching the sibling SamlConnectionApi pattern) and adds type-level tests so provider can't silently become optional or widen back to string. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
🦋 Changeset detectedLatest commit: 1508711 The changes in this PR will be included in the next version bump. This PR includes changesets to release 10 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository YAML (base), Repository UI (inherited) Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Comment |
…ctions Stacked on #9153 (required provider field). Aligns the remaining CreateEnterpriseConnectionParams gaps with the Backend API contract, which validates name and domains (min 1) as required. Deprecates syncUserAttributes on create and provider on update, since the Backend API ignores both. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Adds the optional create/update params the Backend API supports but the SDK types omitted: allowOrganizationAccountLinking, customAttributes, authenticatable, disableJitProvisioning, disableAdditionalIdentifications (update only), and saml.loginHint. Verified against BAPI's CreateParams/UpdateParams/SAMLParams in clerk_go. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
ace6b49 to
7b6b5c0
Compare
Codex review: BAPI requires login_hint.source exactly when mode is custom_attribute and rejects it otherwise; model as a discriminated union. Also lock name/domains as required with type-level tests. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Description
Aligns
CreateEnterpriseConnectionParamsandUpdateEnterpriseConnectionParamswith the Backend API contract (clerk_goapi/bapi/v1/enterprise_connections/service.go). Folds in #9153 — the provider fix and this work are one thought: the create/update params didn't match what BAPI accepts. Every claim was verified against the Go source.Discovered while reviewing clerk/clerk#2887, where a docs code sample calling
createEnterpriseConnectionwithoutproviderwould fail BAPI validation despite type-checking.Required
providerfield (from #9153)CreateEnterpriseConnectionParamswas missingprovider, which BAPI validates as required. Calls without it type-checked and failed at runtime. The field is typed as theOrganizationEnterpriseConnectionProviderunion from@clerk/shared/types(matching the siblingSamlConnectionApipattern), with type-level tests so it can't silently become optional or widen back tostring.providerbehind anascast to work around the missing field. The cast is removed.Required
nameanddomains, plus deprecationsnameanddomainsare now required on create. BAPI validates both (validate:"required",min=1on domains), so calls without them already failed at runtime — the types now catch it at compile time. Type-level tests lock each field individually.syncUserAttributeson create is deprecated. BAPI'sCreateParamshas nosync_user_attributesfield; the JSON decoder drops it silently. It works on update, and the deprecation notice points there.provideron update is deprecated. BAPI'sUpdateParamshas noproviderfield — the provider can't be changed after creation.Missing optional params
allowOrganizationAccountLinking,customAttributes,authenticatable,disableJitProvisioning(create and update),disableAdditionalIdentifications(update only), andsaml.loginHint.loginHintis a discriminated union:sourceis required exactly whenmodeis'custom_attribute'and rejected otherwise, matching BAPI's validation. Custom attribute shapes (nameandkeyrequired) match the Go structs, and all camelCase names were confirmed to snake-case to the exact wire keys.Making previously-optional fields required is a compile-time change, but only for calls that already failed BAPI validation at runtime — it converts a runtime failure into a type error. Ships as a patch for that reason.
To test:
pnpm --filter @clerk/backend test:node EnterpriseConnectionApi.test.ts— wire-format tests assert every field reaches the request body in snake_case, alongside the type-level assertions.Checklist
pnpm testruns as expected.pnpm buildruns as expected.Type of change
🤖 Generated with Claude Code