Skip to content

fix(csharp-generichost): honor OR security alternatives for API key auth#24270

Open
madhus1218 wants to merge 1 commit into
OpenAPITools:masterfrom
madhus1218:fix-csharp-generichost-or-security
Open

fix(csharp-generichost): honor OR security alternatives for API key auth#24270
madhus1218 wants to merge 1 commit into
OpenAPITools:masterfrom
madhus1218:fix-csharp-generichost-or-security

Conversation

@madhus1218

@madhus1218 madhus1218 commented Jul 10, 2026

Copy link
Copy Markdown

Fixes #24138.

What changed

This updates the C# generichost generator so OR security requirements no longer apply every auth scheme from every alternative.

For a spec like:

security:
  - apiKeyHeader: []
  - apiKeyQuery: []

Summary by cubic

Fixes API key auth handling in the C# generichost generator for OR security. Only the first security alternative is applied, preventing mixed header+query auth.

  • Bug Fixes
    • Select the first SecurityRequirement from operation or global security and store its scheme names.
    • Filter op.authMethods to only those schemes for generichost during post-processing.
    • Added a test and example spec to verify only the header API key is used, not the query key.

Written for commit 64e49f5. Summary will update on new commits.

Review in cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

Re-trigger cubic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG][C#][generichost] All schemes from OR-alternative security requirements are applied — apiKey "in: query" leaks the secret into the URL

1 participant