AbstractCompositeAuthenticationProvider filtering requests with all defined security schemas (only one should be enough) #430
Labels
area:client
This item is related to the client extension
bug
Something isn't working
pinned
Issues and PRs that must not stale
Discussed in #415
Originally posted by ayhanap July 21, 2023
Given an openapi spec with two security schemas and an operation with a security requirment object of those two schemas, quarkus-openapi-generator generates an
AbstractCompositeAuthenticationProvider
.The problem here is
AbstractCompositeAuthenticationProvider
tries to filter requests with all of these security schemas but all of these security schemas are not required, only one is enough.https://spec.openapis.org/oas/v3.1.0#security-requirement-object
How can we specify which security schema to use? For instance, I want to use basicAuth but the request filter fails because it cannot find OIDC configs. I couldn't find an answer going through this repository.
Here is a spec as an example.
With security schema definitions below.
And an operation with the below required security requirement object.
The text was updated successfully, but these errors were encountered: