Skip to content

Fix UserInfo Gson deserialization and add ProGuard rules#23

Merged
Subterrane merged 4 commits intodevelopfrom
fix/userinfo-serialization
Mar 17, 2026
Merged

Fix UserInfo Gson deserialization and add ProGuard rules#23
Subterrane merged 4 commits intodevelopfrom
fix/userinfo-serialization

Conversation

@Subterrane
Copy link
Copy Markdown
Collaborator

@Subterrane Subterrane commented Mar 17, 2026

Summary

  • Add @SerializedName annotations to UserInfo.kt so Gson correctly maps snake_case JSON keys (preferred_username, given_name, family_name, updated_at) to camelCase Kotlin properties
  • Change updatedAt type from String? to Long? to match the OIDC spec (Unix epoch timestamp)
  • Add ProGuard/R8 consumer rules to prevent field stripping when consumers enable minification
  • Add unit tests for UserInfo deserialization (snake_case mapping and null handling)
  • Update Java demo app to handle the Long type change for updatedAt

Context

This supersedes PRs #6, #13, and #16, which all independently identified and attempted to fix the same bug: OIDC UserInfo fields with snake_case names were always null after deserialization. This PR combines the correct parts of each:

PR What it got right What it missed
#6 (Alqueraf) @SerializedName annotations updatedAt typed as Int? (overflows in 2038)
#13 (jkmaina) @SerializedName annotations Left updatedAt as String?; bundled unrelated JSONConvertable interface
#16 (lub0s) @SerializedName + Long? type + demo updates SimpleDateFormat thread-safety issue in demo

Test plan

  • Verify UserInfoDeserializationTest passes (snake_case field mapping + null handling)
  • Verify existing NetworkClientTest still passes
  • Verify Java demo app compiles with the updatedAt type change

jcbarnett and others added 3 commits April 4, 2022 21:12
@jcbarnett
Add code owners file.
e53244a
@jcbarnett
Update code owners file.
da34b7c
@Subterrane
fix: add SerializedName annotations to UserInfo and fix updatedAt type
93a20ae 
UserInfo fields with snake_case JSON keys (preferred_username, given_name,
family_name, updated_at) were silently deserializing as null because Gson
performs exact name matching against the camelCase Kotlin property names.

Also changes updatedAt from String? to Long? to match the OIDC spec
(updated_at is a Unix epoch timestamp), adds ProGuard consumer rules to
prevent R8 from stripping Gson model fields, and adds deserialization tests.

Supersedes #6, #13, #16. [no-ado]
This was referenced Mar 17, 2026
Closed
Closed
Closed
@Subterrane Subterrane merged commit 9034da3 into develop Mar 17, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hb7772 hb7772 Awaiting requested review from hb7772 hb7772 is a code owner

@bodaiboka bodaiboka Awaiting requested review from bodaiboka bodaiboka is a code owner

@Jody-Caudill-oneID Jody-Caudill-oneID Awaiting requested review from Jody-Caudill-oneID Jody-Caudill-oneID is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Subterrane @jcbarnett