OpenAPITools / openapi-generator

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
https://openapi-generator.tech
Apache License 2.0

[BUG][scala-sttp] The scala-sttp generator applies security schemes incorrectly. #17906

Open q-stefanmuscalu opened 7 months ago

q-stefanmuscalu commented 7 months ago

Bug Report Checklist

Description

The scala-sttp generator does not apply security correctly when there are multiple schemes available. For example, if I define a bearer token, API key and basic username and password authentication, the generated code expects all three to be provided with each call:

def hello(username: String, password: String, apiKey: String, bearerToken: String)(name: String): Request[Either[Either[String, String], Unit], Any]

The API should only expect one of the following:

  1. username and password
  2. apiKey
  3. bearerToken

openapi-generator version

Found on version 7.2.0 and confirmed the same behaviour on the master branch.

OpenAPI declaration file content or url

https://gist.github.com/q-stefanmuscalu/4eb73a5335d71337d1bf01770263e74d

Generation Details

No special steps. I'm using the Gradle plugin and setting generatorName.set("scala-sttp")

Steps to reproduce

Generate a scala-sttp client from the spec

Related issues/PRs

Suggest a fix

Other clients, such as the Java and Python ones, do not require all security schemes with every call. For example, the Java client only applies basic auth if both the user and password are defined. It only sets the api key header if the api key has been set to something. Otherwise, it skips the step and does not set the header. The Scala client should do the same.

q-stefanmuscalu commented 7 months ago

The Swagger documentation explains how multiple security schemes should be treated: In the following example, the API calls can be authenticated using either an API key or OAuth 2.

security:
  - ApiKeyAuth: []
  - OAuth2:
      - read
      - write
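
The OR semantics described in the two comments above, as an added Scala sketch that is not the generator's output and not code from the issue or the project: each entry of `security` is one alternative, and only the first alternative covered by the configured credentials contributes headers. The scheme names, the `X-API-Key` header name and all type and function names are assumptions, since the spec sits in a gist that is not reproduced on this page.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.util.Base64

// One credential type per security scheme (scheme names are assumed).
sealed trait Credential { def scheme: String }
final case class BasicAuth(username: String, password: String) extends Credential { val scheme = "BasicAuth" }
final case class ApiKey(value: String) extends Credential { val scheme = "ApiKeyAuth" }
final case class BearerToken(token: String) extends Credential { val scheme = "BearerAuth" }

object SecuritySelector {
  // OpenAPI `security` is a list of alternatives (OR); each alternative is a
  // set of scheme names that must all be supplied together (AND).
  type Requirement = Set[String]

  // Header contributed by one credential. "X-API-Key" is an assumed name.
  def header(c: Credential): (String, String) = c match {
    case BasicAuth(u, p) =>
      "Authorization" -> ("Basic " + Base64.getEncoder.encodeToString(s"$u:$p".getBytes(UTF_8)))
    case ApiKey(v)      => "X-API-Key" -> v
    case BearerToken(t) => "Authorization" -> s"Bearer $t"
  }

  // Pick the first alternative fully covered by the configured credentials
  // and emit headers for that alternative only. An empty requirement ({})
  // is always satisfied and yields no headers (anonymous access allowed).
  def authHeaders(security: List[Requirement],
                  configured: List[Credential]): Either[String, Map[String, String]] = {
    val byScheme = configured.map(c => c.scheme -> c).toMap
    security.find(_.subsetOf(byScheme.keySet)) match {
      case Some(req)                => Right(req.toList.map(s => header(byScheme(s))).toMap)
      case None if security.isEmpty => Right(Map.empty) // operation declares no security
      case None =>
        Left("no security requirement satisfied; need one of: " +
          security.map(_.mkString("+")).mkString(" | "))
    }
  }
}

object Demo extends App {
  import SecuritySelector._
  // Constructed requirement list: basic OR api key OR bearer.
  val helloSecurity: List[Requirement] = List(Set("BasicAuth"), Set("ApiKeyAuth"), Set("BearerAuth"))
  println(authHeaders(helloSecurity, List(ApiKey("k-123"))))                          // api key only
  println(authHeaders(helloSecurity, List(BearerToken("t-456"), ApiKey("k-123"))))    // first match wins
  println(authHeaders(helloSecurity, Nil))                                            // nothing configured
}
```

Failing with `Left` when no alternative is satisfied keeps a misconfigured client from silently sending an unauthenticated request.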