UpdateUserResponseContent deserialization fails for users with MFA - multifactor field expects String but receives Object

[pexa-meffendy]

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

• SDK version: 3.8.0 (also affects 3.6.0+)
• Method: ManagementApi.users().update(userId, request)
• Problem: UpdateUserResponseContent.multifactor is typed as Optional<List>, but for users with MFA
  authenticators enrolled, the Auth0 Management API returns objects in the array (e.g., [{"type": "totp", ...}]),
  causing MismatchedInputException
• Impact: The PATCH to /api/v2/users/{id} succeeds (app_metadata is updated), but the SDK throws when
  deserializing the response, making it appear as a failure
• Stack trace: Include the MismatchedInputException trace pointing at
  UpdateUserResponseContent$Builder["multifactor"]->java.util.ArrayList[1]
• Workaround: Catching ManagementException with MismatchedInputException root cause and treating as success

Reproduction

1. Have a user in Auth0 with MFA enrolled (e.g., TOTP authenticator)
2. Call update on that user:

kotlin
val request = UpdateUserRequestContent.builder()
.appMetadata(mapOf("isBlocked" to true))
.build()

managementApi.users().update("auth0|", request)

3. The PATCH succeeds (verify in Auth0 Dashboard - app_metadata is updated)
4. SDK throws MismatchedInputException when parsing the response

The issue is that the response JSON contains:

{
 "multifactor": [
   "guardian",
   { "type": "totp", "confirmed": true, ... }
 ]
}

But UpdateUserResponseContent expects List<String> for the multifactor field.

Additional context

No response

auth0-java version

3.8.0

Java version

Java 21