CompositeAuthenticationProvider does not apply always authentication resulting to HTTP 401 responses

[siavelis]

Hello!

There is an issue in the authentication logic, as it is not always applied.

How to reproduce:

• generate a client with operations that need any kind of authentication
• configure the generated Quarkus client with a url prefix, example below:

quarkus.rest-client.external_api_json.url=https://external.api.com/base-url
# enable request/response body logging for debugging
quarkus.rest-client.logging.scope=request-response
quarkus.rest-client.logging.body-limit=1024
quarkus.log.category."org.jboss.resteasy.reactive.client.logging".level=DEBUG

• call an operation that needs authentication

Result:

• authentication is not applied
• HTTP 401 is received

Possible workaround/fixes:

• CompositeAuthenticationProvider:canFilter uses the url path from the Openapi specification to decide whether to apply authentication or not. Hence the suggestion would be to include a case when the rest client has a prefix in the base url path
• Remove the prefix in the base url (not possible in my case)
• Note that using quarkus.openapi-generator.codegen.default-security-scheme will not rectify the issue

Versions used:

• quarkus-openapi-generator: 2.6.0
• Quarkus: 3.16.1
• Java: 17
• Maven: 3.9.3

[ricardozanini]

@siavelis, we recently changed the way we generate the authentication code. Was it working before version 2.5.0?

[siavelis]

@ricardozanini thank you for the follow up! I have tried with versions: 2.4.7 and 2.4.2 but there is the same issue

[ricardozanini]

I'll take a look once I have the time. If you can, please, send a PR to fix it.