SDKS-4231 Implement Pushed Authorization Request (PAR) support for OIDC

[witrisna]

JIRA Ticket

SDKS-4231

Description

Introduced support for PAR (RFC 9126) to improve security and handle large authorization request payloads by pushing parameters to the server prior to authorization.

Key changes:

• Added par configuration flag to OidcClientConfig and updated OpenIdConfiguration to include the pushed_authorization_request_endpoint.
• Refactored authorization request building logic into buildAuthorizeParams and updated populateRequest to handle both standard and PAR flows.
• Implemented PAR logic to POST parameters to the provider and utilize the returned request_uri in the subsequent authorization call.
• Updated Agent.kt in the Journey module to use the centralized populateRequest logic, ensuring PAR support is available across modules.
• Added comprehensive unit and integration tests in DaVinciTest, JourneyTest, and OidcWebClientTest to verify PAR execution and parameter handling.
• Updated license headers to include 2026.

Summary by CodeRabbit

• New Features

  • Added Pushed Authorization Request (PAR) support. Enable via the OIDC config (par = true) to POST authorization parameters to the PAR endpoint; authorize URLs will reference a returned request_uri.
  • OpenID discovery now exposes the pushed_authorization_request_endpoint.

• Tests

  • Added comprehensive PAR unit/integration tests and updated test coverage for discovery and client flows.

[codecov]

Codecov Report

❌ Patch coverage is 14.28571% with 42 lines in your changes missing coverage. Please review.
✅ Project coverage is 43.86%. Comparing base (6bc1efa) to head (e82a79a).
⚠️ Report is 13 commits behind head on develop.

Files with missing lines	Patch %	Lines
...kotlin/com/pingidentity/oidc/module/OidcRequest.kt	0.00%	40 Missing ⚠️
...n/kotlin/com/pingidentity/oidc/OidcClientConfig.kt	0.00%	2 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff              @@
##             develop     #176      +/-   ##
=============================================
- Coverage      46.64%   43.86%   -2.78%     
+ Complexity      1263     1216      -47     
=============================================
  Files            306      306              
  Lines           9215     9221       +6     
  Branches        1305     1308       +3     
=============================================
- Hits            4298     4045     -253     
- Misses          4347     4642     +295     
+ Partials         570      534      -36     

Flag	Coverage Δ
integration-tests	28.20% <10.20%> (-0.12%)	⬇️
unit-tests	24.87% <4.08%> (-2.77%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[vibhorgoswami]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Warning

Rate limit exceeded

@witrisna has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 40 minutes and 23 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 40 minutes and 23 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d0ce3561-35ce-4918-a829-b38378d9655b

📥 Commits

Reviewing files that changed from the base of the PR and between d61448c and e82a79a.

📒 Files selected for processing (14)

• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.Response.kt
• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/Constants.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OidcClientConfig.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OpenIdConfiguration.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientConfigTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcWebClientTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OpenIdConfigurationTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/Response.kt
• journey/src/main/kotlin/com/pingidentity/journey/module/Agent.kt
• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.Response.kt
• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt

📝 Walkthrough

Walkthrough

Adds Pushed Authorization Request (PAR) support across the OIDC module and integration tests: new par config flag, constants, OpenID configuration field, PAR-aware request population, and expanded test coverage and integration mocks for PAR flows.

Changes

Cohort / File(s)	Summary
OIDC Core Configuration foundation/oidc/src/main/kotlin/com/pingidentity/oidc/Constants.kt, foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OidcClientConfig.kt, foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OpenIdConfiguration.kt	Added REQUEST_URI and RESPONSE_MODE constants; added var par: Boolean = false to OidcClientConfig and merged in plusAssign; added pushAuthorizationRequestEndpoint (pushed_authorization_request_endpoint) to OpenIdConfiguration.
OIDC Request Flow (PAR Implementation) foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt	Extracted param building into buildAuthorizeParams(...) and replaced populateRequest with a suspend implementation that, when par is true, POSTs form data to the PAR endpoint, parses request_uri, and rewrites the authorize request to use request_uri; otherwise emits standard authorize params.
OIDC Tests & Test Helpers foundation/oidc/src/test/kotlin/com/pingidentity/oidc/*	Added PAR-related unit/integration tests and helpers: PARTestAgent, Robolectric annotations/context initialization in web tests, assertions for PAR form bodies and resulting request_uri, and helper responses openIdConfigurationWithParResponse() and parResponse().
DaVinci Tests davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.Response.kt, davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt	Updated OpenID configuration mock to include pushed_authorization_request_endpoint; added /par mock route and DaVinci with PAR enabled integration test verifying POSTed FormDataContent and use of returned request_uri.
Journey Integration & Tests journey/src/main/kotlin/com/pingidentity/journey/module/Agent.kt, journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.Response.kt, journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt	Changed session agent to delegate authorization param population to populateRequest(...) (covering PAR and standard flows); added PAR field to test discovery JSON, /par mock handling, and Journey with PAR enabled test verifying PAR POST and subsequent authorize URL uses request_uri.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant AuthServer
    participant App

    rect rgba(0, 128, 255, 0.5)
    Note over Client,AuthServer: PAR Flow (par = true)
    Client->>AuthServer: POST /par (form: client_id, response_type, scope, redirect_uri, code_challenge, code_challenge_method, ...)
    AuthServer-->>Client: 201 Created { "request_uri": "...", "expires_in": ... }
    Client->>AuthServer: GET /authorize?request_uri=...&client_id=...
    AuthServer-->>Client: 302 Redirect /callback?code=...
    Client->>AuthServer: POST /token (grant_type=authorization_code, code_verifier, ...)
    AuthServer-->>Client: { access_token, id_token, ... }
    end

    rect rgba(0, 200, 100, 0.5)
    Note over Client,AuthServer: Standard Flow (par = false)
    Client->>AuthServer: GET /authorize?client_id=...&response_type=...&scope=...&redirect_uri=...&code_challenge=...&code_challenge_method=...
    AuthServer-->>Client: 302 Redirect /callback?code=...
    Client->>AuthServer: POST /token (grant_type=authorization_code, code_verifier, ...)
    AuthServer-->>Client: { access_token, id_token, ... }
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 Hooray, I pushed a tiny plea,

request_uri returned to me.
Form fields hopped in tidy rows,
Tests now chase where PAR wind blows.
A little rabbit cheered—RFC glee!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 2.70% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: implementing PAR support for OIDC as specified in RFC 9126, which is the primary focus of the entire changeset.
Description check	✅ Passed	The description includes the required JIRA ticket link and a comprehensive summary of all key changes, covering configuration, refactoring, implementation, module updates, testing, and license updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch SDKS-4231

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientConfigTest.kt (1)

212-214: Avoid hard-coded reflection property-count assertions.

assertEquals(clazz.memberProperties.size, 22) is fragile and will break on unrelated field additions/removals. Prefer behavior-focused assertions (like the explicit per-property assertions already present below).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientConfigTest.kt`
around lines 212 - 214, The test currently uses a brittle reflection count check
(clazz.memberProperties.size == 22) which will fail when fields change; remove
this hard-coded assertion and instead rely on the explicit per-property
assertions already present (or replace it with a behavior-focused check that
verifies required property names exist by comparing
OidcClientConfig::class.memberProperties.map { it.name } against an explicit
list of expected names). Update the test to reference OidcClientConfig and
clazz/memberProperties when locating properties but do not assert a fixed
numeric count.

journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt (1)

918-944: Similar index-based verification as DaVinciTest - consider using URL pattern matching.

As noted in DaVinciTest review, relying on specific request history indices ([3] for PAR, [4] for authorize) can be fragile if the flow changes. Consider finding requests by URL pattern for more robust assertions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt` around lines
918 - 944, Test uses brittle index-based lookups on mockEngine.requestHistory
(e.g., mockEngine.requestHistory[3] and [4]) to find the PAR and authorize
requests; change assertions to locate requests by URL pattern instead: search
mockEngine.requestHistory for an entry whose url.toString() or url.encodedPath
contains the PAR endpoint (e.g., "/par" or "par") to assign parRequest, and
similarly find the authorize request by matching the authorize URL or presence
of "request_uri" to assign authorizeRequest, then run the same body and query
assertions against those found request objects (use the existing variables
parRequest and authorizeRequest to keep rest of assertions unchanged).

foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientTest.kt (1)

695-732: Consider asserting the specific error type for PAR failures.

The test verifies that the result is Failure<OidcError> but doesn't check the specific error type or message. Since populateRequest throws AuthorizeException on PAR failure, consider asserting that the failure wraps this specific exception type.

💡 Suggested improvement

 val result = oidcClient.token()
 assertTrue(result is Failure<OidcError>)
+assertTrue(result.value is OidcError.Authorize)
+// Or verify the error message contains PAR-related info

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientTest.kt`
around lines 695 - 732, The test currently only asserts that oidcClient.token()
returns Failure<OidcError>; update the assertion to verify the failure wraps the
specific AuthorizeException thrown on PAR failure (from populateRequest) —
locate the test `token with PAR enabled fails when PAR endpoint returns an
error`, call `oidcClient.token()`, then assert the result is a Failure and that
its cause or contained error is an instance of `AuthorizeException` (and
optionally assert the exception message) to ensure PAR-specific failures are
validated; references: OidcClient.token(), populateRequest, AuthorizeException,
PARTestAgent.

foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt (1)

113-116: Clarify response_mode extraction from pre-existing request URL.

The code extracts response_mode from request.url.toUri() before populating the PAR form. This assumes the caller may have pre-set a response_mode on the request URL.

This pattern works for the DaVinci flow (which uses pi.flow response mode), but the intent could be clearer. Consider adding a comment explaining when/why the request URL would already have parameters set.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt`
around lines 113 - 116, Add a short clarifying comment immediately above the
form block where request.url.toUri().getQueryParameter(RESPONSE_MODE) is read
(in OidcRequest.kt) explaining that we intentionally copy a pre-existing
response_mode from the incoming request URL into the PAR form because some
callers (e.g., the DaVinci flow using pi.flow response_mode) may have already
set it on the request URL; keep the existing extraction logic (RESPONSE_MODE,
buildAuthorizeParams(pkce, parameters) { k, v -> put(k, v) }) unchanged, just
document the rationale and expected callers so intent is clear to future
readers.

davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt (1)

519-544: Verify request history indices match the actual flow sequence.

The test assumes specific indices for request history ([1] for PAR, [2] for authorize, [4] for token). If the flow sequence changes or additional requests are made, these indices could become incorrect and cause flaky tests.

Consider using a more robust approach to find requests by URL pattern rather than relying on exact indices:

💡 Suggested alternative approach

val parRequest = mockEngine.requestHistory.first { it.url.encodedPath == "/par" }
val authorizeRequest = mockEngine.requestHistory.first { it.url.encodedPath == "/authorize" }
val tokenRequest = mockEngine.requestHistory.first { it.url.encodedPath == "/token" }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt` around lines
519 - 544, The test is brittle because it indexes mockEngine.requestHistory by
fixed positions (parRequest at [1], authorizeRequest at [2], tokenRequest at
[4]); change the assignments to locate requests by their URL path instead of
indices by searching mockEngine.requestHistory for the entry whose request URL
path equals "/par" for parRequest, "/authorize" for authorizeRequest and
"/token" for tokenRequest so the assertions (including extracting parBody from
parRequest and the existing asserts on client_id, response_type, response_mode,
scope, redirect_uri, code_challenge, and code_challenge_method) work regardless
of additional or reordered requests.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.Response.kt`:
- Around line 25-26: The OpenID discovery mock JSON in DaVinciTest.Response.kt
is malformed: the object entries "revocation_endpoint" and
"pushed_authorization_request_endpoint" are missing a separating comma; update
the mocked discovery payload (the string containing "revocation_endpoint" and
"pushed_authorization_request_endpoint") to include a comma between those two
fields so the JSON deserializes correctly for PAR tests.

In `@foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt`:
- Around line 118-129: The PAR handling currently defaults request_uri to an
empty string when the JSON lacks REQUEST_URI, which can mask server errors; in
the block inside the success branch (where response.body() is parsed and
requestUri is extracted), detect absence of REQUEST_URI (i.e., when
json[REQUEST_URI] or its jsonPrimitive/content is null/blank) and throw an
AuthorizeException with a clear message including the response.status and the
raw response body instead of setting an empty request.parameter; update the
logic around requestUri/REQUEST_URI and the downstream
request.parameter(CLIENT_ID, clientId) placement to only execute when a valid
request_uri is present.

---

Nitpick comments:
In `@davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt`:
- Around line 519-544: The test is brittle because it indexes
mockEngine.requestHistory by fixed positions (parRequest at [1],
authorizeRequest at [2], tokenRequest at [4]); change the assignments to locate
requests by their URL path instead of indices by searching
mockEngine.requestHistory for the entry whose request URL path equals "/par" for
parRequest, "/authorize" for authorizeRequest and "/token" for tokenRequest so
the assertions (including extracting parBody from parRequest and the existing
asserts on client_id, response_type, response_mode, scope, redirect_uri,
code_challenge, and code_challenge_method) work regardless of additional or
reordered requests.

In `@foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt`:
- Around line 113-116: Add a short clarifying comment immediately above the form
block where request.url.toUri().getQueryParameter(RESPONSE_MODE) is read (in
OidcRequest.kt) explaining that we intentionally copy a pre-existing
response_mode from the incoming request URL into the PAR form because some
callers (e.g., the DaVinci flow using pi.flow response_mode) may have already
set it on the request URL; keep the existing extraction logic (RESPONSE_MODE,
buildAuthorizeParams(pkce, parameters) { k, v -> put(k, v) }) unchanged, just
document the rationale and expected callers so intent is clear to future
readers.

In
`@foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientConfigTest.kt`:
- Around line 212-214: The test currently uses a brittle reflection count check
(clazz.memberProperties.size == 22) which will fail when fields change; remove
this hard-coded assertion and instead rely on the explicit per-property
assertions already present (or replace it with a behavior-focused check that
verifies required property names exist by comparing
OidcClientConfig::class.memberProperties.map { it.name } against an explicit
list of expected names). Update the test to reference OidcClientConfig and
clazz/memberProperties when locating properties but do not assert a fixed
numeric count.

In `@foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientTest.kt`:
- Around line 695-732: The test currently only asserts that oidcClient.token()
returns Failure<OidcError>; update the assertion to verify the failure wraps the
specific AuthorizeException thrown on PAR failure (from populateRequest) —
locate the test `token with PAR enabled fails when PAR endpoint returns an
error`, call `oidcClient.token()`, then assert the result is a Failure and that
its cause or contained error is an instance of `AuthorizeException` (and
optionally assert the exception message) to ensure PAR-specific failures are
validated; references: OidcClient.token(), populateRequest, AuthorizeException,
PARTestAgent.

In `@journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt`:
- Around line 918-944: Test uses brittle index-based lookups on
mockEngine.requestHistory (e.g., mockEngine.requestHistory[3] and [4]) to find
the PAR and authorize requests; change assertions to locate requests by URL
pattern instead: search mockEngine.requestHistory for an entry whose
url.toString() or url.encodedPath contains the PAR endpoint (e.g., "/par" or
"par") to assign parRequest, and similarly find the authorize request by
matching the authorize URL or presence of "request_uri" to assign
authorizeRequest, then run the same body and query assertions against those
found request objects (use the existing variables parRequest and
authorizeRequest to keep rest of assertions unchanged).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9b21a042-4060-4358-b0c0-8c654fe92256

📥 Commits

Reviewing files that changed from the base of the PR and between 608af4f and e52de65.

📒 Files selected for processing (14)

• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.Response.kt
• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/Constants.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OidcClientConfig.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OpenIdConfiguration.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientConfigTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcWebClientTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OpenIdConfigurationTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/Response.kt
• journey/src/main/kotlin/com/pingidentity/journey/module/Agent.kt
• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.Response.kt
• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt

[coderabbitai]

🧹 Nitpick comments (1)

foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt (1)

82-82: Minor: UI_LOCATES constant appears to be a typo for UI_LOCALES.

The constant UI_LOCATES (line 82, referencing Constants.UI_LOCATES at line 27) is used for the ui_locales OAuth parameter. While this is functionally correct since the constant value is "ui_locales", the constant name itself appears to be misspelled.

This is an existing issue (not introduced in this PR) and doesn't affect runtime behavior, but consider renaming for clarity in a future cleanup.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt`
at line 82, The constant Constants.UI_LOCATES is a misspelled identifier for the
OAuth parameter "ui_locales" (used via onParam in
OidcRequest.onParam(UI_LOCATES, it)); rename the constant to
Constants.UI_LOCALES (update its declaration and all usages including the
reference in OidcRequest) so the identifier matches the parameter name, and keep
the constant value "ui_locales" unchanged to preserve behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt`:
- Line 82: The constant Constants.UI_LOCATES is a misspelled identifier for the
OAuth parameter "ui_locales" (used via onParam in
OidcRequest.onParam(UI_LOCATES, it)); rename the constant to
Constants.UI_LOCALES (update its declaration and all usages including the
reference in OidcRequest) so the identifier matches the parameter name, and keep
the constant value "ui_locales" unchanged to preserve behavior.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e2f74ef7-3c45-49bb-8e42-04a6ca034b47

📥 Commits

Reviewing files that changed from the base of the PR and between e52de65 and d61448c.

📒 Files selected for processing (14)

• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.Response.kt
• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/Constants.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OidcClientConfig.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OpenIdConfiguration.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/module/OidcRequest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientConfigTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcClientTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcWebClientTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OpenIdConfigurationTest.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/Response.kt
• journey/src/main/kotlin/com/pingidentity/journey/module/Agent.kt
• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.Response.kt
• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.kt

✅ Files skipped from review due to trivial changes (3)

• journey/src/test/kotlin/com/pingidentity/journey/JourneyTest.Response.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/Constants.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OpenIdConfigurationTest.kt

🚧 Files skipped from review as they are similar to previous changes (5)

• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OpenIdConfiguration.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/Response.kt
• foundation/oidc/src/main/kotlin/com/pingidentity/oidc/OidcClientConfig.kt
• foundation/oidc/src/test/kotlin/com/pingidentity/oidc/OidcWebClientTest.kt
• davinci/src/test/kotlin/com/pingidentity/davinci/DaVinciTest.kt

[vibhorgoswami]

LGTM

[spetrov]

LGTM! 👍🏻