You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When defining an OpenApiSecurityScheme of type http with the scheme bearer, the default value for In is set to Query instead of Header. According to the OpenAPI Specification, header should be the implied default when the type is http and the scheme is bearer.
Expected behavior
The default value for OpenApiSecurityScheme.In should be Header when the type is http and the scheme is bearer, aligning with the OpenAPI Specification’s default behavior.
Additional context
This issue causes incorrect behavior when generating clients or code based on the OpenAPI definition, as the security token is expected to be sent as a query parameter instead of the Authorization header.