credentials are required when no security is an option alongside a security pattern

[craignicol]

Take the following valid spec:

openapi: 3.0.1
info:
  title: Data
  description: Services for general data
  version: 1.0.0
servers: 
  - url: https://example.com
paths:
  /:
    get:
      operationId: Home
      security:
        - {}
        - OAuth2: []
      summary: Get Home Page
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Dummy'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Dummy'
        '403':
          description: Unauthenticated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Dummy'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Dummy'
        '429':
          description: Too Many Requests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Dummy'
        default:
          description: Default
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Dummy'
components:
  schemas:
    Dummy:
      type: string
      enum: [OK]
  securitySchemes:
    OAuth2:
      type: oauth2
      description: 'This API uses OAuth 2 with the authorization code flow.'
      flows:
        authorizationCode:
          authorizationUrl: https://TBC.example.com
          tokenUrl: https://TBC.example.com
          scopes:
            app_user: SCOPES TBC

And run the following command line:

autorest --input-file=mixed-security.yaml --v3 --clear-output-folder --output-folder=mixed-security-client --typescript

And observe that the resultant client has the following constructor:

  /**
   * Initializes a new instance of the Data class.
   * @param credentials Subscription credentials which uniquely identify client subscription.
   * @param options The parameter options
   */
  constructor(
    credentials: coreAuth.TokenCredential,
    options?: DataOptionalParams
  ) {}

i.e. that credentials is a required field, despite the security for that endpoint including the none authentication option described at OAI/OpenAPI-Specification#14 (comment)

I would expect the Data constructor to have an optional credentials parameter in this scenario.

[craignicol]

Version details: (Running on fully patched WSL2 Ubuntu)

AutoRest code generation utility [cli version: 3.6.1; node: v14.16.1]
(C) 2018 Microsoft Corporation.
https://aka.ms/autorest
info    | AutoRest core version selected from configuration: ~2.0.4413.
   Loading AutoRest core      '/home/craignicol/.autorest/@microsoft.azureautorest-core@2.0.4421/nodemodules/@microsoft.azure/autorest-core/dist' (2.0.4421)
   Loading AutoRest extension '@microsoft.azure/autorest.typescript' (~4.2.0->4.2.4)
   Loading AutoRest extension '@microsoft.azure/autorest.modeler' (2.3.51->2.3.51)

[sarangan12]

@craignicol This is similar to the issue #1416. The add-credentials flag is set to true by default. The documentation was incorrect. I have already created a PR to fix the documentation.

Please add --add-credentials to false, it you do not want the credentials flag.

[sarangan12]

The Documentation PR has been merged. No more action items pending on this issue. If you still face any issues, Please feel free to reopen this PR.