redocly-cli icon indicating copy to clipboard operation
redocly-cli copied to clipboard
verified publisher icon Redocly

Digest Authorization header have bigger priority despite it described before another authorization

Open DmitryAnansky opened this issue 7 months ago • 0 comments

Describe the bug

Digest Authorization header has higher priority despite being described before another authorization type.
So if this type of Authorization is used, it always overrides the last Authorization header.

To Reproduce

Steps to reproduce the behavior:

  1. Given this x-security description:
   x-security:
     - scheme:
         type: http
         scheme: digest
       values:
         username: $inputs.name
         password: secret
     - scheme:
         type: apiKey
         name: Authorization
         in: header
       values:
         value: $inputs.secret
  1. When respect executed, digest auth header override API-Key header, although it should have bigger priority

Expected behavior

x-security header resolution should follow top-to-bottom order, with the bottom entry having higher priority.

DmitryAnansky avatar Jun 03 '25 18:06 DmitryAnansky