Created by: sebastien-rosset
Fix for #3844 (closed):
- Do not add auth parameter in HTTP request if auth parameter is set None
- Add attribute to control which auth schemes can be used.
Currently, the python client obtains the list of security schemes that have been specified in the OAS spec, and automatically adds the authentication attributes in the header, cookie or query. This happens even if the parameters are unset. For example, the "Authorization" header may be set with an empty Bearer token:
'Authorization': 'Bearer '
With this PR, the bearer access token is no longer set if its value is None.
Tests performed:
- Use OAS spec that specifies more than one security scheme for a given operation, e.g. OAuth2 and cookie
- Generate the Python SDK using the master branch
- Write a Python client that sets the cookie but not the OAuth2 access token
- Invoke the client and verifies both auth attributes have been set (causing auth failure)
- Generate the Python SDK using code from this PR
- Invoke the client again, verify the auth parameters are set conditionally.
PR checklist
-
Read the contribution guidelines. -
If contributing template-only or documentation-only changes which will change sample output, build the project before. -
Run the shell script(s) under ./bin/
(or Windows batch scripts under.\bin\windows
) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run./bin/{LANG}-petstore.sh
,./bin/openapi3/{LANG}-petstore.sh
if updating the code or mustache templates for a language ({LANG}
) (e.g. php, ruby, python, etc). -
File the PR against the correct branch: master
,4.3.x
,5.0.x
. Default:master
. -
Copy the technical committee to review the pull request if your PR is targeting a particular programming language.