enable scopes for all security scheme types (#17083)

OpenAPITools · Dec 9, 2023 · a21e681 · a21e681
1 parent 5831848
commit a21e681
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenSecurity.java
@@ -22,6 +22,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.stream.Collectors;
 
 public class CodegenSecurity {
     public String name;
@@ -89,6 +90,16 @@ public CodegenSecurity (CodegenSecurity original) {
     public CodegenSecurity filterByScopeNames(List<String> filterScopes) {
         CodegenSecurity filteredSecurity = new CodegenSecurity(this);
 
+        // Since OAS 3.1.0, security scheme types other than "oauth2" and "openIdConnect" may have a list of role names
+        // which are required for the execution, but are not otherwise defined or exchanged in-band.
+        // In such cases, no filtering is performed.
+        if (!(isOAuth || isOpenId)) {
+            filteredSecurity.scopes = filterScopes.stream()
+                .map(s -> new HashMap<String, Object>(Map.of("scope", s)))
+                .collect(Collectors.toList());
+            return filteredSecurity;
+        }
+
         if (scopes == null) {
             return filteredSecurity;
         }

diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
@@ -1594,7 +1594,7 @@ private List<CodegenSecurity> filterAuthMethods(List<CodegenSecurity> authMethod
 
         for (CodegenSecurity security : authMethods) {
             boolean filtered = false;
-            if (security != null && security.scopes != null) {
+            if (security != null) {
                 for (SecurityRequirement requirement : securities) {
                     List<String> opScopes = requirement.get(security.name);
                     if (opScopes != null) {

diff --git a/modules/openapi-generator/src/main/resources/JavaSpring/api.mustache b/modules/openapi-generator/src/main/resources/JavaSpring/api.mustache
@@ -178,7 +178,7 @@ public interface {{classname}} {
         }{{#hasAuthMethods}},
         security = {
             {{#authMethods}}
-            @SecurityRequirement(name = "{{name}}"{{#isOAuth}}, scopes={ {{#scopes}}"{{scope}}"{{^-last}}, {{/-last}}{{/scopes}} }{{/isOAuth}}){{^-last}},{{/-last}}
+            @SecurityRequirement(name = "{{name}}"{{#scopes.0}}, scopes={ {{#scopes}}"{{scope}}"{{^-last}}, {{/-last}}{{/scopes}} }{{/scopes.0}}){{^-last}},{{/-last}}
             {{/authMethods}}
         }{{/hasAuthMethods}}{{#externalDocs}},
         externalDocs = @ExternalDocumentation(description = "{{externalDocs.description}}", url = "{{externalDocs.url}}"){{/externalDocs}}
@@ -196,16 +196,16 @@ public interface {{classname}} {
         responseContainer = "{{{.}}}"{{/returnContainer}}{{#hasAuthMethods}},
         authorizations = {
         {{#authMethods}}
-        {{#isOAuth}}
+        {{#scopes.0}}
             @Authorization(value = "{{name}}", scopes = {
             {{#scopes}}
                 @AuthorizationScope(scope = "{{scope}}", description = "{{description}}"){{^-last}},{{/-last}}
             {{/scopes}}
             }){{^-last}},{{/-last}}
-        {{/isOAuth}}
-        {{^isOAuth}}
+        {{/scopes.0}}
+        {{^scopes.0}}
             @Authorization(value = "{{name}}"){{^-last}},{{/-last}}
-        {{/isOAuth}}
+        {{/scopes.0}}
         {{/authMethods}} }{{/hasAuthMethods}}
     )
     @ApiResponses({