My main concern with the current implementation is that we will have to specify the security scheme for every requests when the most common usage will probably be to have a unique security scheme defined for the whole API. And so, not defined per endpoint and so, not defined per Request but at ApiClient level most probably.
But maybe should be addressed in a separated PR to support both approaches.
you're right, I've focused on this operation-level security because that's what we needed right now, but we must still add support for global security requirements, we can track that via other issues when we need it, also other types of authentication can be added/tracked the same way
you're right, I've focused on this operation-level security because that's what we needed right now, but we must still add support for global security requirements, we can track that via other issues when we need it, also other types of authentication can be added/tracked the same way