[BUG][PYTHON] Multiple authentication schemes are used, only want to use one
Created by: phillip-elliott
Bug Report Checklist
-
Have you provided a full/minimal spec to reproduce the issue? -
Have you validated the input using an OpenAPI validator (example)? -
What's the version of OpenAPI Generator used? -
Have you search for related issues/PRs? -
What's the actual output vs expected output? -
[Optional] Bounty to sponsor the fix (example)
Description
I have a spec with the following securitySchemes:
"securitySchemes": {
"APIKeyHeader": {
"type": "apiKey",
"name": "API-Key",
"in": "header"
},
"basicAuth": {
"type": "http",
"scheme": "basic"
}
}
I am applying these schemes globally, indicating that either APIKeyHeader OR basicAuth can be used:
security": [
{
"APIKeyHeader": []
},
{
"basicAuth": []
}
],
When using a python client, I do the following:
config = Configuration()
config.host = base_url
config.api_key['API-Key'] = api_key
api_client = ApiClient(configuration=config)
project_api = ProjectsApi(api_client)
I am not providing a username or password. I would expect the python client to ignore the basic auth scheme and just use the apiKey scheme instead. Instead, both are used and all requests are denied (403).
openapi-generator version
4.1.1
OpenAPI declaration file content or url
https://gist.github.com/phillip-elliott/0438a8159f138e1f270a7814b81e65d9
Command line used for generation
openapi-generator generate -i openapispec.json -g python
Suggest a fix
The python client's Configuration class has a method named get_basic_auth_token. This method could return None if username and password are both set to None. If it returns None, then I believe the basic auth header will not be added to the requests (see ApiClient.update_params_for_auth).