Skip to content

[Bug]: Incorrect Serialisation of Sets in SessionAuthenticationApi #1640

Open
Open
[Bug]: Incorrect Serialisation of Sets in SessionAuthenticationApi#1640
Labels
bugSomething isn't workingneeds response
@bakerg

Description

@bakerg
bakerg
opened on Mar 9, 2026

Description

Sets are serialised to empty object ({}) in the SessionAuthenticationApi.createAuthenticationSession API request

Steps to reproduce

  1. Use the Adyen SDK to make the create authentication session request, specifying Sets for roles and resources as the types require.
  2. Intercept the request (or in some other way inspect the serialised request body)

Actual behavior

The roles and resources are serialised to '{}'. Example object sent to Adyen by the SDK:

{
  allowOrigin: 'https://example.com',
  policy: { resources: {}, roles: {} },
  product: 'platform'
}

Expected behavior

The Sets provided should be serialised correctly into arrays so that the request sent to Adyen includes the values from the Sets. Alternately arrays could be provided to the SDK directly if the types were updated. I think the source of these being generated as Sets in this SDK is https://github.com/Adyen/adyen-openapi/blob/main/yaml/SessionAuthenticationService-v1.yaml#L262 and https://github.com/Adyen/adyen-openapi/blob/main/yaml/SessionAuthenticationService-v1.yaml#L280 I'm not sure if that's used elsewhere in the API but presumably it would cause the same issues anywhere else it does appear.

Code snippet or screenshots (if applicable)

import { Client, Config, EnvironmentEnum, SessionAuthenticationAPI } from '@adyen/api-library';
import nock from 'nock';
import { ProductType } from '@adyen/api-library/lib/src/typings/sessionAuthentication/productType';
import { AuthenticationSessionRequest } from '@adyen/api-library/lib/src/typings/sessionAuthentication/authenticationSessionRequest';
import { ResourceType } from '@adyen/api-library/lib/src/typings/sessionAuthentication/resourceType';

async function reproduceSerializationBug() {
  // 1. Initialise Adyen Client with dummy credentials
  const config = new Config();
  config.apiKey = 'dummy_api_key';
  config.environment = EnvironmentEnum.TEST;
  const client = new Client(config);

  const sessionApi = new SessionAuthenticationAPI(client);

  // 2. Intercept the outbound HTTP request using nock
  nock('https://test.adyen.com')
    .post(/.*/) // Catch any POST request made by the client
    .reply(200, function (_uri, requestBody) {
      console.log('\nACTUAL HTTP PAYLOAD SENT BY SDK:');
      console.log(requestBody);
      return { id: 'mocked_session_id' };
    });

  // 3. Construct payload strictly adhering to the SDK's generated TS types (Set)
  const payload: AuthenticationSessionRequest = {
    product: ProductType.Platform,
    policy: {
      // The SDK typings demand Sets here
      roles: new Set(['onboarding', 'verification']),
      resources: new Set([
        {
          type: ResourceType.AccountHolder,
          accountHolderId: 'AH123456789',
        },
      ]),
    },
    allowOrigin: 'https://example.com',
  };

  console.log('TYPESCRIPT PAYLOAD PROVIDED TO SDK:');
  console.log(payload);

  try {
    // 4. Execute the SDK method
    await sessionApi.SessionAuthenticationApi.createAuthenticationSession(payload);
  } catch (error) {
    console.error('SDK Error:', error);
  }
}

reproduceSerializationBug();

Adyen Node API Library version

30.1.0

Node.js version

24.14.0

NPM version

11.9.0

Operating System

macOS

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingneeds response

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions