René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Security key doesn't respect endpoint explicitly setting anonymous access (via `{}`)","articleBody":"Thanks for this wonderful library! It's been SO helpful :)\n\n**Describe the bug**\nThe client args in generated methods (Client vs AuthenticatedClient) don't match those described by security in the spec, when explicitly anonymous access is permitted in an endpoint's security list, as allowed in spec:\n\n\u003e An empty Security Requirement Object ({}) indicates anonymous access is supported. [[ref, with examples]](https://swagger.io/specification/?sbsearch=-a-n-o-n-y-m-o-u-s#security-requirement-object:~:text=An%20empty%20Security%20Requirement%20Object%20(%7B%7D)%20indicates%20anonymous%20access%20is%20supported.)\n\nExample:\n\n```\n  /auth-optional-explicit:\n    get:\n      summary: Requires auth but has empty object\n      security:   # \u003c--- client: AuthenticatedClient (EXPECTED: Client | AuthenticatedClient)\n        - {}\n        - ApiKeyAuth: []\n      responses:\n        '200':\n          description: OK\n```\n\nThis is due to this line\n\nhttps://github.com/openapi-generators/openapi-python-client/blob/49fa8fc076a5733e68029ba36f4672759c4ac52b/openapi_python_client/parser/openapi.py#L423\n\n```\n\u003e\u003e\u003e bool([])\nFalse\n\u003e\u003e\u003e bool([{\"ApiKeyAuth\": []}])\nTrue\n\u003e\u003e\u003e bool([{\"ApiKeyAuth\": []}, {}])\nTrue\n\u003e\u003e\u003e bool([{}])\nTrue\n```\n\nWe would want the last two to return False. We should check if `{}` is anywhere in a list (when it's a list).\n\nThis would do the trick:\n\n```py\nrequires_security_check = lambda sec: bool(sec or []) and {} not in (sec or [])\n```\n\n**OpenAPI Spec File**\n\n```yml\nopenapi: 3.1.0\ninfo:\n  title: Security Test API\n  version: 1.0.0\nservers:\n  - url: https://example.com\npaths:\n  /no-auth-specified:\n    get:\n      summary: Truly anonymous\n      security: []   # client: Client | AuthenticatedClient (EXPECTED: same)\n      responses:\n        '200':\n          description: OK\n  /explicit-anon:\n    get:\n      summary: Requires auth but has empty object\n      security:   # \u003c--- client: AuthenticatedClient (EXPECTED: not sure, but def not this)\n        - {}\n      responses:\n        '200':\n          description: OK\n  /auth-optional-explicit:\n    get:\n      summary: Requires auth but has empty object\n      security:   # \u003c--- client: AuthenticatedClient (EXPECTED: Client | AuthenticatedClient)\n        - {}\n        - ApiKeyAuth: []\n      responses:\n        '200':\n          description: OK\n  /auth-required:\n    get:\n      summary: Requires API key\n      security:   # \u003c--- client: AuthenticatedClient\n        - ApiKeyAuth: []\n      responses:\n        '200':\n          description: OK\ncomponents:\n  securitySchemes:\n    ApiKeyAuth:\n      type: apiKey\n      in: header\n      name: X-API-Key\n```\n\n**Desktop (please complete the following information):**\n - OS: [e.g. macOS 10.15.1]\n - Python Version: [e.g. 3.8.0]\n - openapi-python-client version [e.g. 0.1.0]\n\n**Additional context**\n...\n","author":{"url":"https://github.com/patcon","@type":"Person","name":"patcon"},"datePublished":"2025-12-06T19:22:35.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/1372/openapi-python-client/issues/1372"}