Description
Description
When I add an HTTP authentication scheme like ,e.g., Basic or Bearer to my specification, the genereated C++ Pistache code does neither provide username/password nor the bearer token to the called template method. In fact, nowhere in the generated code does any authentication/authorization logic appear.
openapi-generator version
Release 3.3.4
OpenAPI declaration file content or url
openapi: 3.0.0
info:
title: Simple Example API
description: Show case for missing authorization in codegen
version: 1.0.0
components:
securitySchemes:
basicAuth:
type: http
scheme: basic
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
security:
- basicAuth: []
- bearerAuth: []
paths:
/foo:
get:
responses:
'200':
description: Some foo
content:
application/json:
schema:
type: stringCommand line used for generation
java -jar openapi-generator-cli.jar generate -i my_showcase.yaml -g cpp-pistache-server -o MyPistacheShowCase
Steps to reproduce
Copy above YAML code in a file named "my_showcase.yaml" and execute above command line. Check C++ Pistache code.
Expected behaviour
In generated method DefaultApi::foo_get_handler username/password and bearer token are extracted from the header and passed on to the virtual template method DefaultApi::foo_get.
Even better, another central, virtual template method DefaultApi::checkAuth could be added by the generator and could be called before DefaultApi::foo_get. The user could then implement DefaultApi::checkAuth with some logic for checking the credentials or bearer token without having the burden to manually repeat that in every single ressource-method.
Actual behaviour
There is no security logic added to the generate code whatsoever. Thus, the generated server stub is useless, because the user cannot even access the authorization header in DefaultApi::foo_get anymore.