Honza Dvorsky

As a workaround for server implementors running in the same issue as @sliemeobn, here's a server middleware you can add that should strip the percent encoding from any outgoing `set-cookie`...

@Jonovono you could add the value to a TaskLocal value on the server, which allows you to access it from the handler. Or inject a token storage object both into...

Yes, there are two solutions to this, one you can use now, and one tracked by this issue that aims to generate some type-safe representation of the authorization rules from...

The ServerMiddleware protocol provides an operationId parameter, which you can use to change behavior based on the operation. Alternatively, you can inspect the path, e.g. if your auth requirements can...

Gotcha. So if you don't want to have to maintain a manual list in your auth middleware that lets some operations through without auth and requires it for others, he's...

Yeah it's not ideal, it's just a workaround for the lack of full support for security schemes in Swift OpenAPI Generator. Once that's supported, you'd get all of the expected...

This example should be a good blueprint for what you need 🙂 https://github.com/apple/swift-openapi-generator/tree/main/Examples/auth-client-middleware-example

@tib yup, that's how it's expected to be used 👍

Yes, you can make your middleware an `actor`, for example, or a `class` that you make `Sendable` and manually ensure safe access to internal mutable state. In this middleware stateful...

Note that RFC 7230 speaks to this: https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.2 > The order in which header fields with differing field names are received is not significant. And > A recipient MAY combine...