Handle apps with the "MFA_AS_SERVICE" sign-on mode

.circleci/config.yml

@@ -8,7 +8,8 @@ orbs:
 
 jobs:
   build_and_test:
-    executor: python/default
+    docker:
+      - image: cimg/python:3.10
     steps:
       - checkout
       - python/install-packages:

.github/workflows/python-package.yml

@@ -16,7 +16,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
 
     steps:
     - uses: actions/checkout@v2

.github/workflows/python.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
 
     steps:
       - uses: actions/checkout@v3

docs/ApplicationSignOnMode.md

@@ -1,6 +1,6 @@
 # ApplicationSignOnMode
 
-Authentication mode for the app  | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile |  Select the `signOnMode` for your custom app: 
+Authentication mode for the app  | signOnMode | Description | | ---------- | ----------- | | AUTO_LOGIN | Secure Web Authentication (SWA) | | BASIC_AUTH | HTTP Basic Authentication with Okta Browser Plugin | | BOOKMARK | Just a bookmark (no-authentication) | | BROWSER_PLUGIN | Secure Web Authentication (SWA) with Okta Browser Plugin | | OPENID_CONNECT | Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile | | MFA_AS_SERVICE |  |  Select the `signOnMode` for your custom app: 
 
 ## Properties
 

okta/models/application.py

@@ -50,6 +50,7 @@
     from okta.models.basic_auth_application import BasicAuthApplication
     from okta.models.bookmark_application import BookmarkApplication
     from okta.models.browser_plugin_application import BrowserPluginApplication
+    from okta.models.application import Application
     from okta.models.open_id_connect_application import OpenIdConnectApplication
     from okta.models.saml11_application import Saml11Application
     from okta.models.saml_application import SamlApplication
@@ -59,7 +60,7 @@
     from okta.models.ws_federation_application import WsFederationApplication
 
 
-class Application(BaseModel):
+class Application(BaseModel):  # noqa: F811
     """
     Application
     """  # noqa: E501
@@ -209,6 +210,7 @@ def features_validate_enum(cls, value):
         "BASIC_AUTH": "BasicAuthApplication",
         "BOOKMARK": "BookmarkApplication",
         "BROWSER_PLUGIN": "BrowserPluginApplication",
+        "MFA_AS_SERVICE": "Application",
         "OPENID_CONNECT": "OpenIdConnectApplication",
         "SAML_1_1": "Saml11Application",
         "SAML_2_0": "SamlApplication",
@@ -241,6 +243,7 @@ def from_json(cls, json_str: str) -> Optional[
             BasicAuthApplication,
             BookmarkApplication,
             BrowserPluginApplication,
+            Application,
             OpenIdConnectApplication,
             Saml11Application,
             SamlApplication,
@@ -339,6 +342,7 @@ def from_dict(cls, obj: Dict[str, Any]) -> Optional[
             BasicAuthApplication,
             BookmarkApplication,
             BrowserPluginApplication,
+            Application,
             OpenIdConnectApplication,
             Saml11Application,
             SamlApplication,
@@ -365,6 +369,8 @@ def from_dict(cls, obj: Dict[str, Any]) -> Optional[
             return import_module(
                 "okta.models.browser_plugin_application"
             ).BrowserPluginApplication.from_dict(obj)
+        if object_type == "Application":
+            return import_module("okta.models.application").Application.from_dict(obj)
         if object_type == "OpenIdConnectApplication":
             return import_module(
                 "okta.models.open_id_connect_application"

okta/models/application_sign_on_mode.py

@@ -36,7 +36,7 @@ class ApplicationSignOnMode(str, Enum):
     Federated Authentication with OpenID Connect (OIDC) | | SAML_1_1 | Federated Authentication with SAML 1.1 WebSSO (not
     supported for custom apps) | | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO | | SECURE_PASSWORD_STORE |
     Secure Web Authentication (SWA) with POST (plugin not required) | | WS_FEDERATION | Federated Authentication with
-    WS-Federation Passive Requestor Profile |  Select the `signOnMode` for your custom app:
+    WS-Federation Passive Requestor Profile | | MFA_AS_SERVICE |  |  Select the `signOnMode` for your custom app:
     """
 
     """
@@ -51,6 +51,7 @@ class ApplicationSignOnMode(str, Enum):
     SAML_2_0 = "SAML_2_0"
     SECURE_PASSWORD_STORE = "SECURE_PASSWORD_STORE"
     WS_FEDERATION = "WS_FEDERATION"
+    MFA_AS_SERVICE = "MFA_AS_SERVICE"
 
     @classmethod
     def from_json(cls, json_str: str) -> Self:

openapi/api.yaml

@@ -59271,6 +59271,7 @@ components:
           SAML_2_0: '#/components/schemas/SamlApplication'
           SECURE_PASSWORD_STORE: '#/components/schemas/SecurePasswordStoreApplication'
           WS_FEDERATION: '#/components/schemas/WsFederationApplication'
+          MFA_AS_SERVICE: '#/components/schemas/Application'
     ApplicationAccessibility:
       description: Specifies access settings for the app
       type: object
@@ -59733,6 +59734,7 @@ components:
         | SAML_2_0 | Federated Authentication with SAML 2.0 WebSSO |
         | SECURE_PASSWORD_STORE | Secure Web Authentication (SWA) with POST (plugin not required) |
         | WS_FEDERATION | Federated Authentication with WS-Federation Passive Requestor Profile |
+        | MFA_AS_SERVICE |  |
 
         Select the `signOnMode` for your custom app:
       type: string
@@ -59746,6 +59748,7 @@ components:
         - SAML_2_0
         - SECURE_PASSWORD_STORE
         - WS_FEDERATION
+        - MFA_AS_SERVICE
     ApplicationType:
       description: 'The type of client application. Default value: `web`.'
       type: string

openapi/templates/requirements.mustache

@@ -1,7 +1,6 @@
 aenum==3.1.11
 aiohttp==3.12.14
 blinker==1.9.0
-flatdict==4.0.1
 jwcrypto==1.5.6
 pycryptodomex==3.23.0
 pydantic==2.11.3
@@ -20,4 +19,4 @@ pytest-asyncio==0.26.0
 pytest-mock==3.14.0
 pytest-recording==0.13.2
 tox==4.24.2
-twine==6.1.0
+twine==6.1.0

openapi/templates/setup.mustache

@@ -36,7 +36,6 @@ REQUIRES = [
     "aenum >= 3.1.11",
     "aiohttp >= 3.12.14",
     "blinker >= 1.9.0",
-    "flatdict >= 4.0.1",
     'jwcrypto >= 1.5.6',
     "pycryptodomex >= 3.23.0",
     "pydantic >= 2.11.3",

requirements.txt

@@ -1,7 +1,7 @@
 aenum==3.1.11
 aiohttp==3.12.14
 blinker==1.9.0
-flatdict==4.0.1
+flatdict==4.1.0
 jwcrypto==1.5.6
 pycryptodomex==3.23.0
 pydantic==2.11.3
@@ -20,4 +20,4 @@ pytest-asyncio==0.26.0
 pytest-mock==3.14.0
 pytest-recording==0.13.2
 tox==4.24.2
-twine==6.1.0
+twine==6.1.0

setup.py

@@ -36,7 +36,6 @@
     "aenum >= 3.1.11",
     "aiohttp >= 3.12.14",
     "blinker >= 1.9.0",
-    "flatdict >= 4.0.1",
     'jwcrypto >= 1.5.6',
     "pycryptodomex >= 3.23.0",
     "pydantic >= 2.11.3",