Skip to content
GitLab
Closed
Issue created by Administrator@rootContributor5 of 6 checklist items completed5/6 checklist items

[BUG][JAVA] OAuth authorizationUrl is HTML-escaped

Created by: JochenReinhardt

Bug Report Checklist

  • Have you provided a full/minimal spec to reproduce the issue?
  • Have you validated the input using an OpenAPI validator (example)?
  • Have you tested with the latest master to confirm the issue still exists?
  • Have you searched for related issues/PRs?
  • What's the actual output vs expected output?
  • [Optional] Sponsorship to speed up the bug fix or feature request (example)
Description

I am trying to generate a Java client (feign library) for an Open API spec using OAuth via openapi-generator-maven-plugin, version 6.0.0. The token URL contains parameters, e.g. https:/auth-server/token?key=value. The generator HTML-escapes the URL, resulting in https:/auth-server/token?key=value.

The generated client cannot authenticate, because the token URL is corrupted.

openapi-generator version

openapi-generator-maven-plugin, version 6.0.0 also occurs with version, 5.4.0

OpenAPI declaration file content or url

The spec contains the following securityScheme:

    "securitySchemes": {
      "oauth2": {
        "type": "oauth2",
        "flows": {
          "clientCredentials": {
            "tokenUrl": "https:/auth-server/token?key=value",
            "scopes": {
              "read_items": "read items"
            }
          }
        }
      }
    }
Generation Details

When using mvn generate-sources, the generated client contains an invalid token URL.

The maven build file configures the plugin:

<configuration>
    <inputSpec>src/main/open-api/spec.json</inputSpec>
    <generatorName>java</generatorName>
    <configOptions>
        <library>feign</library>
        <dateLibrary>java8-localdatetime</dateLibrary>
     </configOptions>
</configuration>
Steps to reproduce
  • define an Open API spec with OAuth token URL containing URL parameters
  • generate client using maven plugin
Suggest a fix

HTML-escaping the token / authorization URL is not correct. It should be avoided by fixing the corresponding Mustache template. The token URL and the authorization URL must not be HTML-escaped. This can be done by using {{{ to refer to the variables. basePath is referenced correctly in the Java-Feign template. See modules/openapi-generator/src/main/resources/Java/libraries/feign/ApiClient.mustache

As a workaround, I added a fixed version of the java-feign template and set it up in the maven plugin configuration: <templateDirectory>src/main/open-api/templates</templateDirectory>