Skip to content

Feature - In-Flow Extensions REST API support#1101

Open
ThejithaR wants to merge 17 commits into
wso2:masterfrom
ThejithaR:feature/in-flow-extensions
Open

Feature - In-Flow Extensions REST API support#1101
ThejithaR wants to merge 17 commits into
wso2:masterfrom
ThejithaR:feature/in-flow-extensions

Conversation

@ThejithaR

@ThejithaR ThejithaR commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

Purpose

Resolves wso2/product-is#27771

Add REST API support for In-Flow Extension actions and an action name availability check endpoint.

Goals

  • Expose In-Flow Extension action CRUD through the Actions REST API (/actions/inFlowExtension)
  • Add API models for AccessConfig and Encryption specific to In-Flow Extension actions
  • Add action name availability check endpoint (POST /actions/{actionType}/check-name)
  • Exclude In-Flow Extension from activate/deactivate endpoints (EXTENSION category actions are always active)

Approach

  • Updated the OpenAPI spec to include inFlowExtension as an action type with dedicated request/response schemas for AccessConfig and Encryption
  • Added a check-name endpoint that validates action name uniqueness within an action type
  • Added API-layer model classes and mappers to convert between API and domain representations
  • Excluded inFlowExtension from activate/deactivate action type enums since EXTENSION category actions don't support status toggle

User stories

N/A

Developer Checklist (Mandatory)

  • Complete the Developer Checklist in the related product-is issue to track any behavioral change or migration impact.

Release note

  • Added REST API support for In-Flow Extension action type with AccessConfig and encryption configuration
  • Added action name availability check endpoint (POST /actions/{actionType}/check-name)

Documentation

N/A

Training

N/A

Certification

N/A

Marketing

N/A

Automation tests

  • Unit tests

    N/A

  • Integration tests

    N/A

Security checks

Samples

N/A

Related PRs

Migrations (if applicable)

N/A

Test environment

JDK 21, macOS

Learning

N/A

@coderabbitai

coderabbitai Bot commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2c407ac4-ef3d-48ec-af7a-eb2fe8a87d05

📥 Commits

Reviewing files that changed from the base of the PR and between 57b10b9 and 7c6c8c5.

⛔ Files ignored due to path filters (1)
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/ActionType.java is excluded by !**/gen/**
📒 Files selected for processing (7)
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/mapper/ActionMapperFactory.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/mapper/InFlowExtensionActionMapper.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/util/ActionDeserializer.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/resources/Actions.yaml
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/response/handlers/AbstractMetaResponseHandler.java
  • pom.xml

📝 Walkthrough

Summary

This pull request adds comprehensive REST API support for In-Flow Extension actions, enabling external service invocation during flow execution. The changes introduce new API endpoints, models, and mappers to manage in-flow extension configurations.

New API Models and Response Classes

Added dedicated API model classes for in-flow extension configuration:

  • AccessConfigModel — represents access control with expose and modify configuration lists
  • EncryptionModel — models encryption settings with certificate support
  • InFlowExtensionActionModel — extends ActionModel with extension-specific fields (accessConfig, encryption, iconUrl)
  • InFlowExtensionActionResponse — extends ActionResponse with support for flow-type-specific access configuration overrides
  • InFlowExtensionActionUpdateModel — handles in-flow extension updates with optional configuration overrides
  • InFlowExtensionBasicResponse — compact response format including icon URL

Action Management REST API Enhancements

  • New check-name endpoint (POST /actions/{actionType}/check-name) — validates action name uniqueness within an action type
  • In-Flow Extension action CRUD — enabled at /actions/inFlowExtension alongside existing action types
  • Status toggle restrictions — prevents activation/deactivation of in-flow extension actions since EXTENSION category actions are always active
  • Action type enumerationinFlowExtension added to supported action types in API responses

Mapper and Service Integration

  • InFlowExtensionActionMapper — new mapper class converting between API models and domain InFlowExtensionAction objects, including authentication property validation, access/encryption configuration translation, and icon URL handling
  • ActionDeserializer — extended to handle FLOW_EXTENSIONS action type deserialization
  • ActionMapperFactory — updated to instantiate InFlowExtensionActionMapper for in-flow extension actions
  • ActionsApiServiceImpl — new checkActionName handler for name availability validation

Flow Management Service Enhancements

  • ServerFlowMgtService — integrated ActionManagementService and added six new endpoints for in-flow extension management: create, list, retrieve by ID, update, delete, and name validation
  • FlowApiServiceImpl — implemented REST handlers for all in-flow extension operations with proper URI location headers for created resources
  • AbstractMetaResponseHandler — extended to populate flow metadata with active in-flow extension connections and icon URLs
  • InFlowExtensionContextTreeMapper — new utility to convert engine-side context tree metadata to API responses
  • InFlowExtensionMapper — new flow-layer utility handling endpoint configuration mapping, authentication validation, and access/encryption configuration translation
  • Utils.handleActionMgtException — new helper to convert action management exceptions to appropriate HTTP responses

OpenAPI Specification Updates

  • Actions API (Actions.yaml) — added inFlowExtension to action-type enums for all CRUD operations, new POST /actions/{actionType}/check-name endpoint with request/response schemas, and supporting component schemas for AccessConfig, ContextPath, Encryption, ActionNameCheckRequest, and ActionNameCheckResponse
  • Flow Management API (flow.yaml) — seven new endpoints for in-flow extension resource management, updated FlowMetaResponse to include extension connections, and comprehensive schemas for request/response models and context tree structures

Configuration and Dependencies

  • Updated carbon.identity.framework.version from 7.10.68 to 7.11.90
  • Added framework dependencies: org.wso2.carbon.identity.flow.extensions and org.wso2.carbon.identity.flow.execution.engine
  • Added compile-time dependency on Jakarta XML Binding API 4.0.4
  • New error codes for in-flow extension lookups, name conflicts, and authentication property validation
  • New executor constant IN_FLOW_EXTENSION_EXECUTOR

Validation and Error Handling

  • Authentication property validation enforcing required fields per auth type (BASIC, BEARER, API_KEY, CLIENT_CREDENTIAL) with descriptive error responses
  • Endpoint URL and authentication configuration validation in update operations
  • Name uniqueness checking scoped to tenant domain
  • Proper exception translation between action management and flow management layers

Walkthrough

This pull request adds support for in-flow extensions—external service invocations during identity flow execution—addressing use cases such as risk assessment, data enrichment, and external verification. The implementation spans two coordinated layers: action management API (defining in-flow extension action types) and flow management API (exposing extension lifecycle operations). New API models define access configuration (expose/modify lists) and encryption settings. The action management service validates action types, rejects status toggles for extensions, and deserializes extension payloads. A dedicated mapper converts between API and engine representations. Flow management wires in action management, exposes REST endpoints for creating, listing, updating, and deleting extensions, enriches flow metadata with active extension connections, and provides context-tree metadata for flow composition UI. OpenAPI specs document all new endpoints and schemas.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant FlowApiServiceImpl
  participant ServerFlowMgtService
  participant ActionManagementService
  participant InFlowExtensionMapper
  participant InFlowExtensionContextTreeService

  Client->>FlowApiServiceImpl: POST /flow/in-flow-extensions (create)
  FlowApiServiceImpl->>ServerFlowMgtService: createInFlowExtension(model)
  ServerFlowMgtService->>InFlowExtensionMapper: toInFlowExtensionAction(model)
  ServerFlowMgtService->>ActionManagementService: create(action, tenantDomain)
  ActionManagementService-->>ServerFlowMgtService: created Action (id)
  ServerFlowMgtService-->>FlowApiServiceImpl: InFlowExtensionResponse
  FlowApiServiceImpl-->>Client: 201 Created (Location: /flow/in-flow-extensions/{id})

  Client->>FlowApiServiceImpl: GET /flow/in-flow-extension/context-tree?flowType=...
  FlowApiServiceImpl->>ServerFlowMgtService: getInFlowExtensionContextTree(flowType)
  ServerFlowMgtService->>InFlowExtensionContextTreeService: buildContextTree(flowType)
  InFlowExtensionContextTreeService-->>ServerFlowMgtService: InFlowExtensionContextTreeMetadata
  ServerFlowMgtService->>InFlowExtensionMapper: (n/a) / InFlowExtensionContextTreeMapper
  ServerFlowMgtService-->>FlowApiServiceImpl: InFlowExtensionContextTreeResponse
  FlowApiServiceImpl-->>Client: 200 OK
Loading
🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 19.61% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely summarizes the main objective: adding REST API support for In-Flow Extensions. It directly reflects the primary change in the changeset.
Description check ✅ Passed The description follows the repository template with all required sections completed: Purpose (with issue link), Goals, Approach, Release notes, and Security checks (yes/yes/yes). Developer Checklist remains unchecked but is expected to be completed in the linked issue.
Linked Issues check ✅ Passed The PR implements the core coding requirements from issue #27771: REST API support for in-flow extensions via /actions/inFlowExtension with AccessConfig/Encryption models, name-check endpoint, and flow composer integration with context tree and action mapping.
Out of Scope Changes check ✅ Passed All changes are directly aligned with the stated objectives: In-Flow Extension CRUD operations, model/mapper implementations, OpenAPI spec updates, and flow management integration. No out-of-scope modifications detected.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@ThejithaR
ThejithaR requested a review from ThaminduR March 30, 2026 10:33
Comment on lines +61 to +64

public AccessConfigModel expose(List<Object> expose) {

this.expose = expose;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 1

Suggested change
public AccessConfigModel expose(List<Object> expose) {
this.expose = expose;
public AccessConfigModel expose(List<Object> expose) {
this.expose = expose;
if (log.isDebugEnabled()) {
log.debug("Setting expose configuration with " + (expose != null ? expose.size() : 0) + " paths");
}
return this;

Comment on lines +79 to +83
}

public AccessConfigModel modify(List<Object> modify) {

this.modify = modify;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 2

Suggested change
}
public AccessConfigModel modify(List<Object> modify) {
this.modify = modify;
public AccessConfigModel modify(List<Object> modify) {
this.modify = modify;
if (log.isDebugEnabled()) {
log.debug("Setting modify configuration with " + (modify != null ? modify.size() : 0) + " paths");
}
return this;

Comment on lines +53 to +57

public void setCertificate(String certificate) {

this.certificate = certificate;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 3

Suggested change
public void setCertificate(String certificate) {
this.certificate = certificate;
}
public void setCertificate(String certificate) {
if (certificate != null && !certificate.trim().isEmpty()) {
log.debug("Setting encryption certificate for external service");
}
this.certificate = certificate;
}

Comment on lines +40 to +47

public InFlowExtensionActionModel(ActionModel actionModel) {

setName(actionModel.getName());
setDescription(actionModel.getDescription());
setEndpoint(actionModel.getEndpoint());
setRule(actionModel.getRule());
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 4

Suggested change
public InFlowExtensionActionModel(ActionModel actionModel) {
setName(actionModel.getName());
setDescription(actionModel.getDescription());
setEndpoint(actionModel.getEndpoint());
setRule(actionModel.getRule());
}
public InFlowExtensionActionModel(ActionModel actionModel) {
log.debug("Initializing InFlowExtensionActionModel from ActionModel");
setName(actionModel.getName());
setDescription(actionModel.getDescription());
setEndpoint(actionModel.getEndpoint());
setRule(actionModel.getRule());
}

Comment on lines +36 to +39

public InFlowExtensionActionResponse(ActionResponse actionResponse) {

setId(actionResponse.getId());

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 5

Suggested change
public InFlowExtensionActionResponse(ActionResponse actionResponse) {
setId(actionResponse.getId());
public InFlowExtensionActionResponse(ActionResponse actionResponse) {
log.debug("Creating InFlowExtensionActionResponse from ActionResponse with id: {}", actionResponse.getId());
setId(actionResponse.getId());

Comment on lines +64 to +67

public void setAccessConfig(AccessConfigModel accessConfig) {

this.accessConfig = accessConfig;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 6

Suggested change
public void setAccessConfig(AccessConfigModel accessConfig) {
this.accessConfig = accessConfig;
public void setAccessConfig(AccessConfigModel accessConfig) {
if (log.isDebugEnabled()) {
log.debug("Setting access config for action: {}", this.getId());
}
this.accessConfig = accessConfig;

Comment on lines 148 to 150
public ActionBasicResponse activateAction(String actionType, String actionId) {

try {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 7

Suggested change
public ActionBasicResponse activateAction(String actionType, String actionId) {
try {
public ActionBasicResponse activateAction(String actionType, String actionId) {
try {
log.info("Activating action with id: " + actionId + " of type: " + actionType);

Comment on lines +172 to +174
public ActionNameCheckResponse checkActionName(String actionType, String name) {

try {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 8

Suggested change
public ActionNameCheckResponse checkActionName(String actionType, String name) {
try {
public ActionNameCheckResponse checkActionName(String actionType, String name) {
try {
if (log.isDebugEnabled()) {
log.debug("Checking availability of action name: " + name + " for type: " + actionType);
}

Comment on lines +57 to +59
@Override
public Response checkActionName(String actionType, ActionNameCheckRequest actionNameCheckRequest) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 9

Suggested change
@Override
public Response checkActionName(String actionType, ActionNameCheckRequest actionNameCheckRequest) {
@Override
public Response checkActionName(String actionType, ActionNameCheckRequest actionNameCheckRequest) {
log.debug("Checking action name availability for action type: {} with name: {}", actionType, actionNameCheckRequest.getName());

Comment on lines +51 to +53
case IN_FLOW_EXTENSION:
actionMapper = new InFlowExtensionActionMapper();
break;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 10

Suggested change
case IN_FLOW_EXTENSION:
actionMapper = new InFlowExtensionActionMapper();
break;
case PRE_ISSUE_ID_TOKEN:
actionMapper = new PreIssueIDTokenActionMapper();
break;
case IN_FLOW_EXTENSION:
actionMapper = new InFlowExtensionActionMapper();
log.info("Created InFlowExtensionActionMapper for action type: IN_FLOW_EXTENSION");
break;

Comment on lines +54 to +57
@Override
public Action toAction(ActionModel actionModel) throws ActionMgtException {

if (!(actionModel instanceof InFlowExtensionActionModel)) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 11

Suggested change
@Override
public Action toAction(ActionModel actionModel) throws ActionMgtException {
if (!(actionModel instanceof InFlowExtensionActionModel)) {
public Action toAction(ActionModel actionModel) throws ActionMgtException {
log.info("Converting ActionModel to Action for type: " + getSupportedActionType());
if (!(actionModel instanceof InFlowExtensionActionModel)) {

Comment on lines +113 to +116
@SuppressWarnings("unchecked")
private AccessConfig toAccessConfig(AccessConfigModel configModel) {

if (configModel == null) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 12

Suggested change
@SuppressWarnings("unchecked")
private AccessConfig toAccessConfig(AccessConfigModel configModel) {
if (configModel == null) {
private AccessConfig toAccessConfig(AccessConfigModel configModel) {
if (log.isDebugEnabled()) {
log.debug("Converting AccessConfigModel to AccessConfig");
}
if (configModel == null) {

Comment on lines 114 to 115
supportedExecutors.add(EXTENSION_EXECUTOR);
return supportedExecutors;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Log Improvement Suggestion No: 14

Suggested change
supportedExecutors.add(EXTENSION_EXECUTOR);
return supportedExecutors;
supportedExecutors.add(EXTENSION_EXECUTOR);
if (log.isDebugEnabled()) {
log.debug("Total supported executors count: " + supportedExecutors.size());
}
return supportedExecutors;

@wso2-engineering wso2-engineering Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI Agent Log Improvement Checklist

⚠️ Warning: AI-Generated Review Comments

  • The log-related comments and suggestions in this review were generated by an AI tool to assist with identifying potential improvements. Purpose of reviewing the code for log improvements is to improve the troubleshooting capabilities of our products.
  • Please make sure to manually review and validate all suggestions before applying any changes. Not every code suggestion would make sense or add value to our purpose. Therefore, you have the freedom to decide which of the suggestions are helpful.

✅ Before merging this pull request:

  • Review all AI-generated comments for accuracy and relevance.
  • Complete and verify the table below. We need your feedback to measure the accuracy of these suggestions and the value they add. If you are rejecting a certain code suggestion, please mention the reason briefly in the suggestion for us to capture it.
Comment Accepted (Y/N) Reason
#### Log Improvement Suggestion No: 1
#### Log Improvement Suggestion No: 2
#### Log Improvement Suggestion No: 3
#### Log Improvement Suggestion No: 4
#### Log Improvement Suggestion No: 5
#### Log Improvement Suggestion No: 6
#### Log Improvement Suggestion No: 7
#### Log Improvement Suggestion No: 8
#### Log Improvement Suggestion No: 9
#### Log Improvement Suggestion No: 10
#### Log Improvement Suggestion No: 11
#### Log Improvement Suggestion No: 12
#### Log Improvement Suggestion No: 14

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to revert this

- type: IN_FLOW_EXTENSION
displayName: In-Flow Extension
description: This action invokes during flow execution.
count: 1

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should not be 1

header: x-api-key
value: e12595c1-1435-4bf2-94e8-445135ab505a
type: API_KEY
accessConfig:

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be changed: no raw paths are allowed. {"path": String, "encrypted": Boolean} pattern required.

id: 24f64d17-9824-4e28-8413-de45728d8e84
name: Risk Assessment Extension
description: This action invokes during flow execution to assess risk.
status: INACTIVE

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACTIVE by default

required: true
schema:
enum:
- preIssueAccessToken

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Name uniqueness check is not needed for all the actions

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 9

🧹 Nitpick comments (1)
components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java (1)

375-380: ⚡ Quick win

Prefer service-level name-availability API over full in-memory scan.

This local scan works functionally, but using the action-management availability API keeps behavior consistent across layers and avoids loading all actions for each check.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java`
around lines 375 - 380, The code performs an in-memory scan by calling
actionManagementService.getActionsByActionType(...) and filtering to determine
name availability; replace that with the action-management service's
name-availability API to avoid loading all actions. Call the appropriate
availability method on actionManagementService (e.g., an isActionNameAvailable /
isNameAvailable style API) passing IN_FLOW_EXTENSION_ACTION_TYPE,
request.getName(), tenantDomain and excludeId (or equivalent parameters), and
use its boolean result to build and return the
InFlowExtensionNameCheckResponse.available(...) instead of performing the
stream/filter/noneMatch logic locally.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/InFlowExtensionActionResponse.java`:
- Around line 139-156: The equals/hashCode implementation in
InFlowExtensionActionResponse omits the copied metadata fields version,
createdAt, and updatedAt, so add comparisons for these in equals (e.g.,
Objects.equals(this.getVersion(), that.getVersion()),
Objects.equals(this.getCreatedAt(), that.getCreatedAt()),
Objects.equals(this.getUpdatedAt(), that.getUpdatedAt())) and include
getVersion(), getCreatedAt(), getUpdatedAt() in the Objects.hash(...) call in
hashCode so the metadata is considered when determining equality and computing
the hash.

In
`@components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/core/ServerActionManagementService.java`:
- Around line 172-185: The checkActionName method currently returns a hardcoded
available=true; restore the real evaluation by calling
actionManagementService.isActionNameAvailable(...) and set the
ActionNameCheckResponse based on that boolean. Use
validateActionType(actionType) and obtain tenantDomain from CarbonContext as
already done, then if excludeId is non-blank call
actionManagementService.isActionNameAvailable(actionType, name, excludeId,
tenantDomain) else call
actionManagementService.isActionNameAvailable(actionType, name, tenantDomain);
finally return new ActionNameCheckResponse().available(available) and preserve
the existing ActionMgtException catch behavior.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/pom.xml`:
- Around line 145-149: The pom declares jakarta.xml.bind-api 4.0.4 which
requires Java 11+, causing Java 8 build failures and mixed javax/jakarta
annotations (see InFlowExtensionBasicResponse.java); replace the compile-scope
Jakarta 4.x dependency with a Java 8-compatible JAXB API (e.g.,
javax.xml.bind:jaxb-api:2.3.1) and, if needed, add matching runtime impl (e.g.,
com.sun.xml.bind:jaxb-impl) and/or adjust the jaxb plugin config so generated
sources consistently use javax.xml.bind annotations; update the dependency entry
in the POM and regenerate the JAXB classes (or reconfigure the codegen plugin)
to ensure InFlowExtensionBasicResponse and other generated classes all import
javax.xml.bind.annotation.*.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java`:
- Around line 312-317: The method in ServerFlowMgtService that calls
actionManagementService.getActionByActionId (using
IN_FLOW_EXTENSION_ACTION_TYPE, extensionId, tenantDomain) must guard against a
null return before calling InFlowExtensionMapper.toInFlowExtensionResponse; if
getActionByActionId returns null, return/throw the API not-found error response
instead of proceeding. Add a null check for the Action named "action" after the
call and produce the proper 404 API error (consistent with other endpoints)
rather than mapping a null value; preserve the existing ActionMgtException catch
block.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/utils/InFlowExtensionMapper.java`:
- Around line 307-308: In getRequiredStringProp within InFlowExtensionMapper,
avoid directly casting props.get(key) to String; instead retrieve the Object,
validate it is an instance of String, and if not throw a controlled client error
(bad request) with a clear message about the expected string type for that key;
then cast to String and continue the existing empty-check (StringUtils.isEmpty).
This prevents ClassCastException for non-string inputs and returns a predictable
error to the client.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/resources/flow.yaml`:
- Around line 439-484: There are two identical path entries for
"/flow/in-flow-extension/context-tree" which breaks the OpenAPI YAML; remove the
duplicate block and keep a single definition for the path (preserve the
operationId getInFlowExtensionContextTree, the parameters (flowType) and all
responses), ensuring only one "/flow/in-flow-extension/context-tree" entry
remains in the paths mapping.
- Around line 1306-1308: The YAML schema is inconsistent: redirectionEnabled's
description claims REDIRECT is advertised in allowedOperations but the
allowedOperations enum only lists EXPOSE and MODIFY; update the contract by
either adding REDIRECT to the allowedOperations enum values (so
allowedOperations includes REDIRECT alongside EXPOSE and MODIFY) or by changing
redirectionEnabled's description to reflect the actual enum (e.g., state that it
toggles whether REDIRECT-related behavior is implied but is represented via
EXPOSE/MODIFY), and make the same change for the second occurrence of
redirectionEnabled/allowedOperations in the file (the other node with the same
schema).
- Around line 1295-1298: The schema for the property named flowType in flow.yaml
currently declares type: string but the description states it may be null;
update the schema to make it consistent by adding nullable: true to the flowType
definition (or alternatively update the description to document the concrete
fallback value the API returns), and ensure the example and any generated
models/clients reflect the nullable change; locate the flowType node in
flow.yaml and add nullable: true (or adjust the description/example) so the
OpenAPI contract matches the actual behavior.
- Around line 223-228: The 201 response for the create endpoint in flow.yaml
documents only the response body (InFlowExtensionResponse) but omits the
Location header; update the '201' response object for "In-Flow Extension
Created" to include a Location header entry (type: string, format: uri,
description: "URI of the created resource") so the OpenAPI contract reflects the
endpoint behavior returning the created resource URI; locate the '201' response
block referencing InFlowExtensionResponse and add a headers -> Location
definition alongside the existing content.

---

Nitpick comments:
In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java`:
- Around line 375-380: The code performs an in-memory scan by calling
actionManagementService.getActionsByActionType(...) and filtering to determine
name availability; replace that with the action-management service's
name-availability API to avoid loading all actions. Call the appropriate
availability method on actionManagementService (e.g., an isActionNameAvailable /
isNameAvailable style API) passing IN_FLOW_EXTENSION_ACTION_TYPE,
request.getName(), tenantDomain and excludeId (or equivalent parameters), and
use its boolean result to build and return the
InFlowExtensionNameCheckResponse.available(...) instead of performing the
stream/filter/noneMatch logic locally.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 30778edd-bef6-4301-8a42-57bde4035a3c

📥 Commits

Reviewing files that changed from the base of the PR and between 070e10b and 57b10b9.

⛔ Files ignored due to path filters (27)
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/ActionNameCheckRequest.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/ActionNameCheckResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/ActionType.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/ActionsApi.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/ActionsApiService.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/action/management/v1/factories/ActionsApiServiceFactory.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/AccessConfig.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/AuthenticationType.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/AuthenticationTypeResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/ContextPath.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/Encryption.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/Endpoint.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/EndpointResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/EndpointUpdateModel.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/FlowApi.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/FlowApiService.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/FlowMetaResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionBasicResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionConnectionInfo.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionContextTreeNode.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionContextTreeResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionModel.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionNameCheckRequest.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionNameCheckResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionResponse.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionUpdateModel.java is excluded by !**/gen/**
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/Link.java is excluded by !**/gen/**
📒 Files selected for processing (25)
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/pom.xml
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/AccessConfigModel.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/EncryptionModel.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/InFlowExtensionActionModel.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/InFlowExtensionActionResponse.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/InFlowExtensionActionUpdateModel.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/InFlowExtensionBasicResponse.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/core/ServerActionManagementService.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/impl/ActionsApiServiceImpl.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/mapper/ActionMapperFactory.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/mapper/InFlowExtensionActionMapper.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/util/ActionDeserializer.java
  • components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/resources/Actions.yaml
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.common/src/main/java/org/wso2/carbon/identity/api/server/flow/management/common/FlowMgtServiceHolder.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/pom.xml
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/constants/FlowEndpointConstants.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/factories/ServerFlowMgtServiceFactory.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/impl/FlowApiServiceImpl.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/response/handlers/AbstractMetaResponseHandler.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/utils/InFlowExtensionContextTreeMapper.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/utils/InFlowExtensionMapper.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/utils/Utils.java
  • components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/resources/flow.yaml
  • pom.xml

Comment on lines +139 to +156
return Objects.equals(this.getId(), that.getId()) &&
Objects.equals(this.getType(), that.getType()) &&
Objects.equals(this.getName(), that.getName()) &&
Objects.equals(this.getDescription(), that.getDescription()) &&
Objects.equals(this.getStatus(), that.getStatus()) &&
Objects.equals(this.getEndpoint(), that.getEndpoint()) &&
Objects.equals(this.accessConfig, that.accessConfig) &&
Objects.equals(this.encryption, that.encryption) &&
Objects.equals(this.iconUrl, that.iconUrl) &&
Objects.equals(this.flowTypeOverrides, that.flowTypeOverrides) &&
Objects.equals(this.getRule(), that.getRule());
}

@Override
public int hashCode() {

return Objects.hash(getId(), getType(), getName(), getDescription(), getStatus(), getEndpoint(),
accessConfig, encryption, iconUrl, flowTypeOverrides, getRule());

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Include copied metadata fields in equality/hashCode.

Line 47 to Line 49 copy version, createdAt, and updatedAt, but Line 139 and Line 155 exclude them from equals/hashCode. This can treat materially different responses as equal.

Proposed fix
-        return Objects.equals(this.getId(), that.getId()) &&
+        return Objects.equals(this.getId(), that.getId()) &&
                 Objects.equals(this.getType(), that.getType()) &&
                 Objects.equals(this.getName(), that.getName()) &&
                 Objects.equals(this.getDescription(), that.getDescription()) &&
                 Objects.equals(this.getStatus(), that.getStatus()) &&
+                Objects.equals(this.getVersion(), that.getVersion()) &&
+                Objects.equals(this.getCreatedAt(), that.getCreatedAt()) &&
+                Objects.equals(this.getUpdatedAt(), that.getUpdatedAt()) &&
                 Objects.equals(this.getEndpoint(), that.getEndpoint()) &&
                 Objects.equals(this.accessConfig, that.accessConfig) &&
                 Objects.equals(this.encryption, that.encryption) &&
                 Objects.equals(this.iconUrl, that.iconUrl) &&
                 Objects.equals(this.flowTypeOverrides, that.flowTypeOverrides) &&
                 Objects.equals(this.getRule(), that.getRule());
@@
-        return Objects.hash(getId(), getType(), getName(), getDescription(), getStatus(), getEndpoint(),
+        return Objects.hash(getId(), getType(), getName(), getDescription(), getStatus(), getVersion(),
+                getCreatedAt(), getUpdatedAt(), getEndpoint(),
                 accessConfig, encryption, iconUrl, flowTypeOverrides, getRule());
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
return Objects.equals(this.getId(), that.getId()) &&
Objects.equals(this.getType(), that.getType()) &&
Objects.equals(this.getName(), that.getName()) &&
Objects.equals(this.getDescription(), that.getDescription()) &&
Objects.equals(this.getStatus(), that.getStatus()) &&
Objects.equals(this.getEndpoint(), that.getEndpoint()) &&
Objects.equals(this.accessConfig, that.accessConfig) &&
Objects.equals(this.encryption, that.encryption) &&
Objects.equals(this.iconUrl, that.iconUrl) &&
Objects.equals(this.flowTypeOverrides, that.flowTypeOverrides) &&
Objects.equals(this.getRule(), that.getRule());
}
@Override
public int hashCode() {
return Objects.hash(getId(), getType(), getName(), getDescription(), getStatus(), getEndpoint(),
accessConfig, encryption, iconUrl, flowTypeOverrides, getRule());
return Objects.equals(this.getId(), that.getId()) &&
Objects.equals(this.getType(), that.getType()) &&
Objects.equals(this.getName(), that.getName()) &&
Objects.equals(this.getDescription(), that.getDescription()) &&
Objects.equals(this.getStatus(), that.getStatus()) &&
Objects.equals(this.getVersion(), that.getVersion()) &&
Objects.equals(this.getCreatedAt(), that.getCreatedAt()) &&
Objects.equals(this.getUpdatedAt(), that.getUpdatedAt()) &&
Objects.equals(this.getEndpoint(), that.getEndpoint()) &&
Objects.equals(this.accessConfig, that.accessConfig) &&
Objects.equals(this.encryption, that.encryption) &&
Objects.equals(this.iconUrl, that.iconUrl) &&
Objects.equals(this.flowTypeOverrides, that.flowTypeOverrides) &&
Objects.equals(this.getRule(), that.getRule());
}
`@Override`
public int hashCode() {
return Objects.hash(getId(), getType(), getName(), getDescription(), getStatus(), getVersion(),
getCreatedAt(), getUpdatedAt(), getEndpoint(),
accessConfig, encryption, iconUrl, flowTypeOverrides, getRule());
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/extend/java/org/wso2/carbon/identity/api/server/action/management/v1/InFlowExtensionActionResponse.java`
around lines 139 - 156, The equals/hashCode implementation in
InFlowExtensionActionResponse omits the copied metadata fields version,
createdAt, and updatedAt, so add comparisons for these in equals (e.g.,
Objects.equals(this.getVersion(), that.getVersion()),
Objects.equals(this.getCreatedAt(), that.getCreatedAt()),
Objects.equals(this.getUpdatedAt(), that.getUpdatedAt())) and include
getVersion(), getCreatedAt(), getUpdatedAt() in the Objects.hash(...) call in
hashCode so the metadata is considered when determining equality and computing
the hash.

Comment on lines +172 to +185
public ActionNameCheckResponse checkActionName(String actionType, String name, String excludeId) {

try {
validateActionType(actionType);
String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
boolean available;
// if (StringUtils.isNotBlank(excludeId)) {
// available = actionManagementService.isActionNameAvailable(
// actionType, name, excludeId, tenantDomain);
// } else {
// available = actionManagementService.isActionNameAvailable(actionType, name, tenantDomain);
// }
return new ActionNameCheckResponse().available(true);
} catch (ActionMgtException e) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Restore real name-availability evaluation in checkActionName.

Line 184 currently hardcodes available=true, so the endpoint does not actually validate uniqueness. Please re-enable service-backed evaluation, including excludeId handling for update scenarios.

Proposed fix
 public ActionNameCheckResponse checkActionName(String actionType, String name, String excludeId) {

     try {
         validateActionType(actionType);
         String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
-        boolean available;
-//            if (StringUtils.isNotBlank(excludeId)) {
-//                available = actionManagementService.isActionNameAvailable(
-//                        actionType, name, excludeId, tenantDomain);
-//            } else {
-//                available = actionManagementService.isActionNameAvailable(actionType, name, tenantDomain);
-//            }
-        return new ActionNameCheckResponse().available(true);
+        boolean available;
+        if (excludeId != null && !excludeId.isEmpty()) {
+            available = actionManagementService.isActionNameAvailable(
+                    actionType, name, excludeId, tenantDomain);
+        } else {
+            available = actionManagementService.isActionNameAvailable(actionType, name, tenantDomain);
+        }
+        return new ActionNameCheckResponse().available(available);
     } catch (ActionMgtException e) {
         throw ActionMgtEndpointUtil.handleActionMgtException(e);
     }
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.action.management/org.wso2.carbon.identity.api.server.action.management.v1/src/main/java/org/wso2/carbon/identity/api/server/action/management/v1/core/ServerActionManagementService.java`
around lines 172 - 185, The checkActionName method currently returns a hardcoded
available=true; restore the real evaluation by calling
actionManagementService.isActionNameAvailable(...) and set the
ActionNameCheckResponse based on that boolean. Use
validateActionType(actionType) and obtain tenantDomain from CarbonContext as
already done, then if excludeId is non-blank call
actionManagementService.isActionNameAvailable(actionType, name, excludeId,
tenantDomain) else call
actionManagementService.isActionNameAvailable(actionType, name, tenantDomain);
finally return new ActionNameCheckResponse().available(available) and preserve
the existing ActionMgtException catch behavior.

Comment on lines +145 to +149
<groupId>jakarta.xml.bind</groupId>
<artifactId>jakarta.xml.bind-api</artifactId>
<version>4.0.4</version>
<scope>compile</scope>
</dependency>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

MODULE_DIR="components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1"

echo "== JAXB imports used by flow management v1 sources =="
rg -n --no-heading 'javax\.xml\.bind|jakarta\.xml\.bind' "${MODULE_DIR}/src" || true

echo
echo "== JAXB-related dependency declarations in module POM =="
rg -n --no-heading 'jakarta.xml.bind-api|jaxb-api|<source>|<target>' "${MODULE_DIR}/pom.xml"

echo
echo "== JAXB-related dependency management entries in root pom.xml =="
rg -n --no-heading 'jakarta.xml.bind-api|jaxb-api|version.org.wso2.orbit.javax.xml.bind' pom.xml

Repository: wso2/identity-api-server

Length of output: 5747


🏁 Script executed:

#!/bin/bash
set -euo pipefail

MODULE_DIR="components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1"
POM="${MODULE_DIR}/pom.xml"

echo "== Module pom.xml: inspect jakarta.xml.bind-api dependency block =="
# Print around the matched artifactId line
line=$(rg -n 'artifactId>\s*jakarta\.xml\.bind-api\s*<' "$POM" | head -n1 | cut -d: -f1)
start=$((line-6)); end=$((line+12))
sed -n "${start},${end}p" "$POM" | nl -ba -w2 -s':'

echo
echo "== Module pom.xml: compiler source/target + relevant plugins =="
# show around source/target
for patt in '<source>1.8</source>' '<target>1.8</target>'; do
  l=$(rg -n "$patt" "$POM" | head -n1 | cut -d: -f1)
  s=$((l-6)); e=$((l+6))
  echo "--- around $patt (line $l) ---"
  sed -n "${s},${e}p" "$POM" | nl -ba -w2 -s':'
done

echo
echo "== Generated source: inspect InFlowExtensionBasicResponse.java for jakarta vs javax usage =="
FILE="${MODULE_DIR}/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionBasicResponse.java"
if [ -f "$FILE" ]; then
  # show around first jakarta.xml.bind.annotation usage
  lj=$(rg -n 'jakarta\.xml\.bind\.annotation' "$FILE" | head -n1 | cut -d: -f1 || true)
  lu=$(rg -n 'javax\.xml\.bind\.annotation' "$FILE" | head -n1 | cut -d: -f1 || true)
  echo "First jakarta.xml.bind.annotation line: ${lj:-none}"
  echo "First javax.xml.bind.annotation line: ${lu:-none}"
  # print a focused window around jakarta usage if present; otherwise around imports
  if [ -n "${lj:-}" ]; then
    s=$((lj-15)); e=$((lj+25))
  else
    # fallback to imports region
    s=1; e=120
  fi
  sed -n "${s},${e}p" "$FILE" | nl -ba -w2 -s':'
else
  echo "File not found: $FILE"
fi

echo
echo "== Module src/gen/java: confirm overall JAXB namespace mix =="
rg -n --no-heading 'javax\.xml\.bind' "${MODULE_DIR}/src/gen/java" | head -n20
rg -n --no-heading 'jakarta\.xml\.bind' "${MODULE_DIR}/src/gen/java" | head -n20

Repository: wso2/identity-api-server

Length of output: 198


🏁 Script executed:

#!/bin/bash
set -euo pipefail

MODULE_DIR="components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1"
POM="${MODULE_DIR}/pom.xml"
FILE="${MODULE_DIR}/src/gen/java/org/wso2/carbon/identity/api/server/flow/management/v1/InFlowExtensionBasicResponse.java"

echo "== Module pom.xml: inspect jakarta.xml.bind-api dependency block =="
line=$(rg -n 'artifactId>\s*jakarta\.xml\.bind-api\s*<' "$POM" | head -n1 | cut -d: -f1 || true)
if [ -z "${line}" ]; then
  echo "Could not find jakarta.xml.bind-api in $POM"
else
  start=$((line-8)); end=$((line+14))
  echo "--- around line ${line} (artifactId jakarta.xml.bind-api) ---"
  sed -n "${start},${end}p" "$POM"
fi

echo
echo "== Module pom.xml: compiler source/target entries =="
for patt in '<source>1.8</source>' '<target>1.8</target>'; do
  l=$(rg -n "$patt" "$POM" | head -n1 | cut -d: -f1 || true)
  if [ -n "$l" ]; then
    s=$((l-6)); e=$((l+6))
    echo "--- around $patt (line $l) ---"
    sed -n "${s},${e}p" "$POM"
  else
    echo "No match for $patt"
  fi
done

echo
echo "== Generated source: InFlowExtensionBasicResponse.java JAXB namespace usage =="
if [ -f "$FILE" ]; then
  echo "-- first import/annotation occurrences (jakarta vs javax) --"
  echo "jakarta.xml.bind.annotation:"
  rg -n 'jakarta\.xml\.bind\.annotation' "$FILE" | head -n20 || true
  echo "javax.xml.bind.annotation:"
  rg -n 'javax\.xml\.bind\.annotation' "$FILE" | head -n20 || true

  echo
  echo "-- imports region (first ~120 lines) --"
  sed -n '1,120p' "$FILE" | cat
else
  echo "File not found: $FILE"
fi

echo
echo "== Quick overall JAXB namespace mix in module src/gen/java (top 20 each) =="
echo "javax.xml.bind:"
rg -n --no-heading 'javax\.xml\.bind' "${MODULE_DIR}/src/gen/java" | head -n20 || true
echo "jakarta.xml.bind:"
rg -n --no-heading 'jakarta\.xml\.bind' "${MODULE_DIR}/src/gen/java" | head -n20 || true

echo
echo "== Root pom.xml: check version.org.wso2.orbit.javax.xml.bind occurrences =="
rg -n --no-heading 'version\.org\.wso2\.orbit\.javax\.xml\.bind|artifactId>\s*jaxb-api\s*<' pom.xml | head -n50 || true

Repository: wso2/identity-api-server

Length of output: 11461


🏁 Script executed:

#!/bin/bash
set -euo pipefail

MODULE_DIR="components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1"
POM="${MODULE_DIR}/pom.xml"

echo "== Search for javax/jaxb-related dependencies in module pom.xml =="
rg -n --no-heading 'jaxb-api|javax\.xml\.bind|jakarta\.xml\.bind|xjc|maven-jaxb|jaxws|JAXB' "$POM" || true

echo
echo "== Search for dependencyManagement JAXB entries in module pom.xml (if any) =="
rg -n --no-heading '<dependencyManagement>|<dependencies>' "$POM" || true

echo
echo "== List all dependencies that mention xml.bind =="
rg -n --no-heading 'xml\.bind' "$POM" || true

Repository: wso2/identity-api-server

Length of output: 593


🌐 Web query:

Does jakarta.xml.bind-api 4.0.4 require Java 11+ (or another minimum) / is it compatible with Java 8 for compilation?

💡 Result:

The jakarta.xml.bind-api version 4.0.4 requires Java SE 11 or higher [1]. It is not compatible with Java 8 for compilation or execution, as the Jakarta XML Binding 4.x specifications and the associated Eclipse Implementation of JAXB explicitly mandate a minimum of Java SE 11 [2][1]. For projects still restricted to Java 8, you would need to use earlier versions of the JAXB API that support that environment, such as those within the 2.3.x release line [3].

Citations:


Fix JAXB tooling/namespace mismatch for Java 8 builds

  • This module targets Java 8 (maven-compiler-plugin source/target 1.8) but declares jakarta.xml.bind:jakarta.xml.bind-api:4.0.4 (compile scope); JAXB 4.x requires Java SE 11+, so Java 8 builds will fail.
  • The generated sources mix namespaces: most classes import javax.xml.bind.annotation.*, while InFlowExtensionBasicResponse.java also uses @jakarta.xml.bind.annotation.XmlType(...); align the dependency and generated annotations to be consistently javax.* or consistently jakarta.*.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/pom.xml`
around lines 145 - 149, The pom declares jakarta.xml.bind-api 4.0.4 which
requires Java 11+, causing Java 8 build failures and mixed javax/jakarta
annotations (see InFlowExtensionBasicResponse.java); replace the compile-scope
Jakarta 4.x dependency with a Java 8-compatible JAXB API (e.g.,
javax.xml.bind:jaxb-api:2.3.1) and, if needed, add matching runtime impl (e.g.,
com.sun.xml.bind:jaxb-impl) and/or adjust the jaxb plugin config so generated
sources consistently use javax.xml.bind annotations; update the dependency entry
in the POM and regenerate the JAXB classes (or reconfigure the codegen plugin)
to ensure InFlowExtensionBasicResponse and other generated classes all import
javax.xml.bind.annotation.*.

Comment on lines +312 to +317
try {
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
Action action = actionManagementService.getActionByActionId(
IN_FLOW_EXTENSION_ACTION_TYPE, extensionId, tenantDomain);
return InFlowExtensionMapper.toInFlowExtensionResponse(action);
} catch (ActionMgtException e) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Handle not-found results before mapping extension by ID.

Line 316 maps action directly; if the backend returns null for an unknown ID, this path can fail with an internal error instead of returning a not-found response. Please add a null guard and return the appropriate API error.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/core/ServerFlowMgtService.java`
around lines 312 - 317, The method in ServerFlowMgtService that calls
actionManagementService.getActionByActionId (using
IN_FLOW_EXTENSION_ACTION_TYPE, extensionId, tenantDomain) must guard against a
null return before calling InFlowExtensionMapper.toInFlowExtensionResponse; if
getActionByActionId returns null, return/throw the API not-found error response
instead of proceeding. Add a null check for the Action named "action" after the
call and produce the proper 404 API error (consistent with other endpoints)
rather than mapping a null value; preserve the existing ActionMgtException catch
block.

Comment on lines +307 to +308
String val = (String) props.get(key);
if (StringUtils.isEmpty(val)) {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid unsafe cast for authentication properties.

getRequiredStringProp directly casts props.get(key) to String. A non-string input will throw ClassCastException instead of returning a controlled client error.

Proposed fix
 private static String getRequiredStringProp(Map<String, Object> props, String key)
         throws ActionMgtClientException {

     if (props == null || !props.containsKey(key)) {
         throw new ActionMgtClientException(
                 ERROR_CODE_INVALID_ENDPOINT_AUTH_PROPERTIES.getMessage(),
                 ERROR_CODE_INVALID_ENDPOINT_AUTH_PROPERTIES.getDescription(),
                 ERROR_CODE_INVALID_ENDPOINT_AUTH_PROPERTIES.getCode());
     }
-    String val = (String) props.get(key);
+    Object rawVal = props.get(key);
+    if (!(rawVal instanceof String)) {
+        throw new ActionMgtClientException(
+                ERROR_CODE_INVALID_ENDPOINT_AUTH_PROPERTIES.getMessage(),
+                ERROR_CODE_INVALID_ENDPOINT_AUTH_PROPERTIES.getDescription(),
+                ERROR_CODE_INVALID_ENDPOINT_AUTH_PROPERTIES.getCode());
+    }
+    String val = (String) rawVal;
     if (StringUtils.isEmpty(val)) {
         throw new ActionMgtClientException(
                 ERROR_CODE_EMPTY_ENDPOINT_AUTH_PROPERTIES.getMessage(),
                 ERROR_CODE_EMPTY_ENDPOINT_AUTH_PROPERTIES.getDescription(),
                 ERROR_CODE_EMPTY_ENDPOINT_AUTH_PROPERTIES.getCode());
     }
     return val;
 }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/java/org/wso2/carbon/identity/api/server/flow/management/v1/utils/InFlowExtensionMapper.java`
around lines 307 - 308, In getRequiredStringProp within InFlowExtensionMapper,
avoid directly casting props.get(key) to String; instead retrieve the Object,
validate it is an instance of String, and if not throw a controlled client error
(bad request) with a clear message about the expected string type for that key;
then cast to String and continue the existing empty-check (StringUtils.isEmpty).
This prevents ClassCastException for non-string inputs and returns a predictable
error to the client.

Comment on lines +223 to +228
'201':
description: In-Flow Extension Created
content:
application/json:
schema:
$ref: '#/components/schemas/InFlowExtensionResponse'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document the Location header on create.

The create endpoint is expected to return the created resource URI, but the 201 response here only documents the body. Add a Location header so the published contract matches the endpoint behavior.

Suggested spec update
        '201':
          description: In-Flow Extension Created
+         headers:
+           Location:
+             description: URI of the created in-flow extension resource.
+             schema:
+               type: string
          content:
            application/json:
              schema:
                $ref: '`#/components/schemas/InFlowExtensionResponse`'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
'201':
description: In-Flow Extension Created
content:
application/json:
schema:
$ref: '#/components/schemas/InFlowExtensionResponse'
'201':
description: In-Flow Extension Created
headers:
Location:
description: URI of the created in-flow extension resource.
schema:
type: string
content:
application/json:
schema:
$ref: '`#/components/schemas/InFlowExtensionResponse`'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/resources/flow.yaml`
around lines 223 - 228, The 201 response for the create endpoint in flow.yaml
documents only the response body (InFlowExtensionResponse) but omits the
Location header; update the '201' response object for "In-Flow Extension
Created" to include a Location header entry (type: string, format: uri,
description: "URI of the created resource") so the OpenAPI contract reflects the
endpoint behavior returning the created resource URI; locate the '201' response
block referencing InFlowExtensionResponse and add a headers -> Location
definition alongside the existing content.

Comment on lines +439 to +484
/flow/in-flow-extension/context-tree:
get:
summary: Retrieve the controlled In-Flow Extension context tree
description: >
Returns the canonical context tree filtered by the deployment.toml whitelist
([identity.in_flow_extension.context.{flow_type}]) for the given flow type.
When `flowType` is omitted the default tree is returned. Used by the Console UI
to render the In-Flow Extension access-config editor without offering paths
the deployment has switched off, and to drive per-flow-type policy flags such
as `redirectionEnabled` and `allowReadOnlyClaimsModification`.
operationId: getInFlowExtensionContextTree
tags:
- Flow Composer
parameters:
- in: query
name: flowType
required: false
schema:
type: string
enum: [REGISTRATION, PASSWORD_RECOVERY, INVITED_USER_REGISTRATION, ASK_PASSWORD]
description: Optional flow type. When omitted, the default tree is returned.
responses:
'200':
description: Successfully retrieved the context tree
content:
application/json:
schema:
$ref: '#/components/schemas/InFlowExtensionContextTreeResponse'
'400':
description: Invalid flow type specified
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
description: Unauthorized
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'403':
description: Forbidden
content:
application/json:
schema:
$ref: '#/components/schemas/Error'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Remove the duplicated context-tree path.

/flow/in-flow-extension/context-tree is declared twice in the same paths mapping. That makes the spec unreliable for YAML/OpenAPI tooling and matches the current lint failure. Keep a single definition.

🧰 Tools
🪛 YAMLlint (1.38.0)

[error] 439-439: duplication of key "/flow/in-flow-extension/context-tree" in mapping

(key-duplicates)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/resources/flow.yaml`
around lines 439 - 484, There are two identical path entries for
"/flow/in-flow-extension/context-tree" which breaks the OpenAPI YAML; remove the
duplicate block and keep a single definition for the path (preserve the
operationId getInFlowExtensionContextTree, the parameters (flowType) and all
responses), ensuring only one "/flow/in-flow-extension/context-tree" entry
remains in the paths mapping.

Comment on lines +1295 to +1298
flowType:
type: string
description: Echoed flow type. `null` when no flowType was supplied (default tree).
example: PASSWORD_RECOVERY

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Make flowType nullable or change the description.

The description says this field is null when no flowType was supplied, but the schema only allows a string. Either add nullable: true or document the concrete fallback value returned by the API.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/resources/flow.yaml`
around lines 1295 - 1298, The schema for the property named flowType in
flow.yaml currently declares type: string but the description states it may be
null; update the schema to make it consistent by adding nullable: true to the
flowType definition (or alternatively update the description to document the
concrete fallback value the API returns), and ensure the example and any
generated models/clients reflect the nullable change; locate the flowType node
in flow.yaml and add nullable: true (or adjust the description/example) so the
OpenAPI contract matches the actual behavior.

Comment on lines +1306 to +1308
redirectionEnabled:
type: boolean
description: Whether REDIRECT is advertised in `allowedOperations` for this flow type.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Align redirectionEnabled with allowedOperations.

redirectionEnabled says REDIRECT is advertised in allowedOperations, but the node schema only allows EXPOSE and MODIFY. Please update either the flag description or the enum so the contract is internally consistent.

Also applies to: 1338-1343

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@components/org.wso2.carbon.identity.api.server.flow.management/org.wso2.carbon.identity.api.server.flow.management.v1/src/main/resources/flow.yaml`
around lines 1306 - 1308, The YAML schema is inconsistent: redirectionEnabled's
description claims REDIRECT is advertised in allowedOperations but the
allowedOperations enum only lists EXPOSE and MODIFY; update the contract by
either adding REDIRECT to the allowedOperations enum values (so
allowedOperations includes REDIRECT alongside EXPOSE and MODIFY) or by changing
redirectionEnabled's description to reflect the actual enum (e.g., state that it
toggles whether REDIRECT-related behavior is implied but is represented via
EXPOSE/MODIFY), and make the same change for the second occurrence of
redirectionEnabled/allowedOperations in the file (the other node with the same
schema).

@@ -0,0 +1,138 @@
/*
* Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

update license headers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Support in-flow extensions in the new flow engine

3 participants