Rust SDK doesn't allow to access cookies of a request

[akkie]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] I have joined the Ory Community Slack.
• [ ] I am signed up to the Ory Security Patch Newsletter.

Describe the bug

The rust SDK returns only the flow object and therefore it's not possible to access cookies from the response to forward them.

As example: The JS SDK returns a AxiosPromise which contains the complete response. The rust SDK returns only the flow object.

Therefore it's not possible to forward the CSRF cookie to the client if I call create_browser_login_flow as example.

Reproducing the bug

Call the create_browser_login_flow of the rust crate.

Version

1.0.0

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker

[akkie]

I could look into the issue but I need to know first, is there a special reason why you use a custom template instead of one of the supported rust templates? https://github.com/OpenAPITools/openapi-generator/tree/master/samples/client/petstore/rust

[akkie]

After looking into it a bit more, it turns out that there are several things that need to be done, and that it may affect some of the SDKs that are generated, because the way it's implemented for some clients is not the way it should work.

The first thing that needs to be done, is to document response headers in your spec as pointed out in the documentation: https://spec.openapis.org/oas/v3.1.0#response-object

There is currently an issue with multiple headers of the same name. For some APIs, there are multiple Set-Cookie headers returned and the way how headers are defined (key-value pairs) doesn't allow to define multiple headers with the same name. There is a workaround which uses null bytes to define multiple Set-Cookie headers.

The second thing is that the code generators needs to implement the handling of this response headers. There are currently open feature requests for many languages: https://github.com/OpenAPITools/openapi-generator/issues/16111 https://github.com/OpenAPITools/openapi-generator/issues/13403 https://github.com/OpenAPITools/openapi-generator/issues/12855 https://github.com/OpenAPITools/openapi-generator/issues/12403