OpenAPITools / openapi-generator

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
https://openapi-generator.tech
Apache License 2.0

[BUG][typescript-fetch] OAuth header should start with "Bearer" #12514

Open jbreton opened 2 years ago

jbreton commented 2 years ago

Bug Report Checklist

Description

The OAuth support of api clients for typescript-fetch does not include the "Bearer" prefix.

Based on RFC-6750, the authentication header value should start with "Bearer". If we compare typescript-fetch (OAuth support) with basic bearer (lines 170-178) and also other OAuth implementations, the "Bearer" prefix should be added by the API client.

openapi-generator version

Affects 6.0.0 and is present since at least 5.2.1

OpenAPI declaration file content or url

openapi: "3.0.0"
info:
  version: 1.0.0
  title: Swagger Petstore
  license:
    name: MIT
paths:
  /pets/{petId}:
    get:
      summary: Info for a specific pet
      operationId: showPetById
      tags:
        - pets
      parameters:
        - name: petId
          in: path
          required: true
          description: The id of the pet to retrieve
          schema:
            type: string
      responses:
        '200':
          description: Expected response to a valid request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Pet"
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
      security:
        - OAuth2:
          - requiredscope
components:
  schemas:
    Pet:
      type: object
      required:
        - id
        - name
      properties:
        id:
          type: integer
          format: int64
        name:
          type: string
        tag:
          type: string
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: integer
          format: int32
        message:
          type: string
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://example.com/oauth/authorize
          tokenUrl: https://example.com/oauth/token
          scopes:
            requiredscope: Description

Generation Details

I generated the client using java -jar modules/openapi-generator-cli/target/openapi-generator-cli.jar generate -i typescript-fetch-oauth.yml -g typescript-fetch -o output

Steps to reproduce
  1. Store the API definition from above in a file named typescript-fetch-oauth.yml
  2. Run the above mentioned command line
  3. Check the file output/apis/PetsApi.ts

The generated code looks like this:

        if (this.configuration && this.configuration.accessToken) {
            // oauth required
            headerParameters["Authorization"] = await this.configuration.accessToken("OAuth2", ["requiredscope"]);
        }

It should look like this:

        if (this.configuration && this.configuration.accessToken) {
            // oauth required
            const token = this.configuration.accessToken;
            const tokenString = await token("OAuth2", ["requiredscope"]);

            if (tokenString) {
                headerParameters["Authorization"] = `Bearer ${tokenString}`;
            }
        }

Suggest a fix

diff --git a/modules/openapi-generator/src/main/resources/typescript-fetch/apis.mustache b/modules/openapi-generator/src/main/resources/typescript-fetch/apis.mustache
index 3249eb97708..eb4e41e947e 100644
--- a/modules/openapi-generator/src/main/resources/typescript-fetch/apis.mustache
+++ b/modules/openapi-generator/src/main/resources/typescript-fetch/apis.mustache
@@ -195,7 +195,12 @@ export class {{classname}} extends runtime.BaseAPI {
         {{#isOAuth}}
         if (this.configuration && this.configuration.accessToken) {
             // oauth required
-            headerParameters["Authorization"] = await this.configuration.accessToken("{{name}}", [{{#scopes}}"{{{scope}}}"{{^-last}}, {{/-last}}{{/scopes}}]);
+            const token = this.configuration.accessToken;
+            const tokenString = await token("{{name}}", [{{#scopes}}"{{{scope}}}"{{^-last}}, {{/-last}}{{/scopes}}]);
+
+            if (tokenString) {
+                headerParameters["Authorization"] = `Bearer ${tokenString}`;
+            }
         }

         {{/isOAuth}}
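
Review bot: Prepending `Bearer ` unconditionally at `headerParameters["Authorization"] = `Bearer ${tokenString}`;` changes the contract of `configuration.accessToken`: the removed line used the callback's return value verbatim as the header, so existing callers that already return `Bearer <token>` would now send `Bearer Bearer <token>`, and callers returning a different auth scheme would have the wrong scheme put in front of it. Either skip the prefix when `tokenString` already carries a scheme or make the prefix opt-in, and document the expected return value of `accessToken` alongside the change. The new `if (tokenString)` guard is worth keeping either way, since it avoids emitting a header for an empty token; the intermediate `const token` can be dropped by awaiting `this.configuration.accessToken(...)` directly.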

TiFu commented 2 years ago

Just to also record my comment in #12515 here:

If my understanding is correct, RFC 6749, section 7.1 Access tokens does specify that other access token types such as Oauth-HTTP-MAC are also permissible. Thus, adding the Bearer prefix (and thus assuming this is the access token type used) would be incorrect.

Consequently, I would suggest to classify this as not a bug. Open to adding some additional documentation to configuration.accessToken as mentioned in #12515.
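
Added example, not code from this thread or from openapi-generator: one way an application can build the header value it returns from `configuration.accessToken` while the generated client uses that value verbatim. It honours the `token_type` of the token response (RFC 6749 section 5.1) and checks the token against the `b64token` grammar of RFC 6750 section 2.1. The names `TokenResponse`, `authorizationHeaderFor`, `makeAccessToken` and `fetchToken` are hypothetical, and the callback shape is inferred from the call shown in the issue.

```typescript
// Added example: all names here are hypothetical, not part of openapi-generator.
interface TokenResponse {
  access_token: string;
  token_type: string; // REQUIRED by RFC 6749 section 5.1, case-insensitive
}

// b64token from RFC 6750 section 2.1. Rejecting anything else keeps spaces,
// CR/LF and similar characters out of the Authorization header.
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;

function authorizationHeaderFor(resp: TokenResponse): string {
  const type = resp.token_type.trim().toLowerCase();
  if (type !== "bearer") {
    // Other token types need their own header construction; fail closed
    // instead of sending the token under the wrong scheme.
    throw new Error(`unsupported token_type: ${resp.token_type}`);
  }
  if (!B64TOKEN.test(resp.access_token)) {
    throw new Error("access_token is not a valid b64token");
  }
  return `Bearer ${resp.access_token}`;
}

// Builds a callback with the shape the generated client calls:
// accessToken(name, scopes), awaited, result assigned to "Authorization".
// fetchToken is an assumed application function that obtains a token
// response for the requested scopes.
function makeAccessToken(
  fetchToken: (scopes?: string[]) => Promise<TokenResponse>
) {
  return async (_name?: string, scopes?: string[]): Promise<string> =>
    authorizationHeaderFor(await fetchToken(scopes));
}
```

If a generator version that adds the prefix itself is adopted, the callback would have to return only `access_token`, otherwise the scheme is sent twice.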