[BUG] [Authentication] OR'ing duplicate authMethods
Created by: nhomble
Bug Report Checklist
-
Have you provided a full/minimal spec to reproduce the issue? -
Have you validated the input using an OpenAPI validator (example)? -
What's the version of OpenAPI Generator used? -
Have you search for related issues/PRs? -
What's the actual output vs expected output? -
[Optional] Bounty to sponsor the fix (example)
Description
Based off discussion in the spec in here and the Use Multiple Authentication Types section, I should be able to reuse authMethods in the security section of my path.
openapi-generator version
Off master
OpenAPI declaration file content or url
https://github.com/nhomble/repro-multiple-authmethods
components:
securitySchemes:
myAuth:
type: oauth2
flows:
authorizationCode:
scopes:
read: ability to read
write: ability to write
pet: ability on pet
paths:
/pets
get:
summary: get pets
security:
- myAuth: [ read, pet ]
- myAuth: [ write, pet ] # if you can update we'll let you read too
Command line used for generation
The investigation has lead me to the generator, but I was reproducing this off of tests in SpringCodegenTest
Steps to reproduce
- define oauth2 scopes in security schemes
- use the same securityScheme on an api (with different scopes)
- Eval the spring code generator
- notice how we lose reference in the swagger annotations
And this has caused issues for me in https://github.com/OpenAPITools/openapi-generator/pull/6358
Suggest a fix
Debugging has brought us to the line
Map<String, SecurityScheme> authMethods = getAuthMethods(securities, securitySchemes);
in DefaultGenerator.java
the loops blindly put auth methods into the authMethods map by name even if the key exists. Maybe we need to consider accumulating collisions in the value and then iterate later in generation.