It appears that one of the Microsoft SCIM Validator tests is failing, and I suspect it might be a bug in their tool. I’m reporting this for awareness and further investigation

[omar7c3]

I’ve noticed a bug on Microsoft’s end—one of their testing is failing per their tool (you can find it at this [link] https://scimvalidator.microsoft.com/) as shown below,

However, I don’t believe it’s a bug in the Scimmy library. The issue arises from a PATCH request with a blank required ‘Operations’ attribute. To address this, I made a tweak in the Messages.js file (specifically, I updated line 275 from if (this.#dispatched && !operations.length) to if (this.#dispatched && !operations)). This adjustment is relevant for those who want to use and test against the Microsoft SCIM Validator. And hey, kudos to you for implementing and publishing this fantastic SCIM library! 😊

[sleelin]

Hi @omar7c3, thanks for raising this issue and apologies for the delay in addressing it!
Regarding the format of PATCH requests, according to the SCIM protocol specification in RFC7644§3.5.2:

The body of an HTTP PATCH request MUST contain the attribute "Operations", whose value is an array of one or more PATCH operations.

My understanding is that this would seem to suggest that a PATCH request is only valid if it contains one or more valid patch operations, so the correct response should be the 400 Bad Request error that is currently being thrown?
If you can find a point of contact for the developers of the validator tool at Microsoft, I'd suggest raising it with them, but last I saw the tool had various other protocol compliance issues that meant it wasn't feasible to support.

P.S. it's worth noting that the distributed files/code included in the published versions of NPM go through a build step, so the line of code you changed may not always stay the same, depending on changes in the underlying source code.

Thanks,
Sam