Multiple Authentication "OR" case not working correctly #324

Open
yana-os opened this issue Oct 13, 2022 · 1 comment
yana-os commented Oct 13, 2022

Following the example here, my schema.yml has:

 security:
   - basicAuth: []
   - ApiKeyAuth: []
     ...
 securitySchemes:
     basicAuth:
       type: http
       scheme: basic
     ApiKeyAuth:
       type: apiKey
       in: header
       name: X-Internal-x-Authorization-Token

According to the documentation, my 'security' section should allow for either Basic authentication or API key authentication, but there is no configuration option as far as I see (except for using the debug_auth_names flag) to avoid using 'Basic' and use only 'ApiKeyAuth' ("X-Internal-x-Authorization-Token") in my request. Below is the auto-generated code. Both authentication methods are added to auth_names, and update_params_for_auth! iterates on both and adds them both to my request header.

my header:

header_params = {Hash[5]} {Content-Type: application/js…, User-Agent: OpenAPI-Genera…, … 3 more}
 "Content-Type" => "application/json"
 "User-Agent" => "OpenAPI-Generator/0.0.40/ruby"
 "X-Internal-x-Authorization-Token" => "<some_hidden_value>"
 "Accept" => "application/json"
 "Authorization" => "Basic <some_other_value>"

auto-generated code:

    def transform_with_http_info(opts = {})
      ...
      auth_names = opts[:debug_auth_names] || ['ApiKeyAuth', 'basicAuth']
      ...
      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)

    def call_api(http_method, path, opts = {})
      ...
      request = build_request(http_method, path, opts)

    def build_request(http_method, path, opts = {})
      update_params_for_auth! header_params, query_params, opts[:auth_names]

    # opts[:auth_names] -> ['ApiKeyAuth', 'basicAuth']

    def update_params_for_auth!(header_params, query_params, auth_names)
      Array(auth_names).each do |auth_name|
        auth_setting = @config.auth_settings[auth_name]
        next unless auth_setting
        case auth_setting[:in]
        when 'header' then header_params[auth_setting[:key]] = auth_setting[:value]
        when 'query'  then query_params[auth_setting[:key]] = auth_setting[:value]
        else fail ArgumentError, 'Authentication token must be in `query` or `header`'
        end
      end
    end

    def auth_settings
      {
        'ApiKeyAuth' =>
          {
            type: 'api_key',
            in: 'header',
            key: 'X-Internal-x-Authorization-Token',
            value: api_key_with_prefix('ApiKeyAuth')
          },
        'basicAuth' =>
          {
            type: 'basic',
            in: 'header',
            key: 'Authorization',
            value: basic_auth_token
          },
      }
    end

    def basic_auth_token
      'Basic ' + ["#{username}:#{password}"].pack('m').delete("\r\n")
    end

@frantuma (Member)

We would need some more details about the scenario, e.g. possibly your full specification, which codegen library/service you are using and which version, along with any generation options.

Also I am not sure I fully understand the issue and what you want to achieve:

> there is no configuration option as far as I see (except for using the debug_auth_names flag) to avoid using 'Basic' and use only 'ApiKeyAuth' ("X-Internal-x-Authorization-Token") in my request

Do you want to define e.g. an operation in the spec to only accept ApiKeyAuth? In this case you would define only that in operation.security.

Or is the generated code the problem, always authorizing on both basic AND apikey while you would like the code to accept one OR the other?
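
For reference, an added example (not the generator's output and not code from either participant) of applying the `security` list as alternatives: entries of the list are OR'ed, schemes inside one entry are AND'ed, and only the first alternative with configured credentials is sent. `SECURITY`, `select_auth_names`, `apply_auth!` and the keyword-argument form of `auth_settings` are hypothetical names; it also assumes an unconfigured credential is `nil`.

```ruby
# The spec's `security` list: each array element is one alternative (OR);
# all schemes named inside one element must be sent together (AND).
SECURITY = [{ 'basicAuth' => [] }, { 'ApiKeyAuth' => [] }].freeze

# Hypothetical stand-in for the generated auth_settings. Unlike the generated
# basic_auth_token, it yields nil when username/password are not configured.
def auth_settings(api_key: nil, username: nil, password: nil)
  basic = username && password &&
          'Basic ' + ["#{username}:#{password}"].pack('m0')
  {
    'ApiKeyAuth' => { in: 'header', key: 'X-Internal-x-Authorization-Token', value: api_key },
    'basicAuth'  => { in: 'header', key: 'Authorization', value: basic }
  }
end

# Return the scheme names of the first alternative that is fully configured.
def select_auth_names(security, settings)
  chosen = security.find do |requirement|
    requirement.keys.all? { |name| !settings.dig(name, :value).to_s.empty? }
  end
  chosen ? chosen.keys : []
end

# Same header/query dispatch as update_params_for_auth!, but fed only the
# selected alternative instead of every scheme in the spec.
def apply_auth!(header_params, query_params, security, settings)
  select_auth_names(security, settings).each do |name|
    setting = settings[name]
    case setting[:in]
    when 'header' then header_params[setting[:key]] = setting[:value]
    when 'query'  then query_params[setting[:key]] = setting[:value]
    else raise ArgumentError, 'Authentication token must be in `query` or `header`'
    end
  end
  header_params
end

# Constructed sample: only the API key is configured, so no Authorization header.
puts apply_auth!({}, {}, SECURITY, auth_settings(api_key: 'example-key')).inspect
```

With only an API key configured, the request carries `X-Internal-x-Authorization-Token` and no `Authorization` header, so the unused credential is never sent.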
