[BUG][JAVA][JERSEY][CLIENT] (Auth parameter) API key is no longer added to query after version 4.3.1 (5.x+)

[DisasterMo]

Bug Report Checklist

• Have you provided a full/minimal spec to reproduce the issue?
• Have you validated the input using an OpenAPI validator (example)?
• Have you tested with the latest master to confirm the issue still exists?
• Have you searched for related issues/PRs?
• What's the actual output vs expected output?
• [Optional] Sponsorship to speed up the bug fix or feature request (example)

Description

I am trying to upgrade my project and its dependencies (from JDK 8 to JDK 21). However, when upgrading the openapi-generator-maven-plugin (currently 4.0.0) to any version 5 and above, the authentication with my web service fails.

I have tracked the issue down to the ApiClient's invokeApi method, which used to run updateParamsForAuth to update the parameter lists as its first statement, but in newer versions it runs after queryParams and cookieParams have already been processed and thus any new values added to those lists are ignored. So the API key, which my WS expects to receive in the query, is not added.

How does one use apiKey auth parameters in query now?

openapi-generator version

5.0.0 and higher

OpenAPI declaration file content or url

I hope this is enough of an example.

{
  "openapi": "3.0.1",
  "info": {
    "title": "MyWS",
    "version": "v1"
  },
  "servers": [
    {
      "url": "https://mine.site.my/myWS"
    }
  ],
  "components": {
    "schemas": {
      "Value": {
        "type": "object",
        "required": [
          "target",
          "type",
          "value"
        ],
        "properties": {
          "target": {
            "type": "string",
            "description": "ID of target"
          },
          "type": {
            "type": "string",
            "description": "what to update"
          },
          "value": {
            "type": "string",
            "description": "new value"
          }
        },
        "additionalProperties": false,
        "description": "Model for an update value"
      }
    },
    "securitySchemes": {
      "api_key": {
        "type": "apiKey",
        "name": "api_key",
        "in": "query"
      }
    }
  },
  "paths": {
    "/update": {
      "put": {
        "tags": [
          "Update"
        ],
        "operationId": "Update",
        "requestBody": {
          "description": "",
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/Value"
              }
            }
          }
        },
        "responses": {
          "204": {
            "description": "the update was successfull"
          }
        },
        "security": [
          {
            "api_key": [
              "ApiKeyPls"
            ]
          }
        ]
      }
    }
  }
}

Generation Details

My openapi-generator-maven-plugin configuration:

<plugin>
    <groupId>org.openapitools</groupId>
    <artifactId>openapi-generator-maven-plugin</artifactId>
    <version>7.8.0</version>
    <executions>
        <execution>
            <goals>
                <goal>generate</goal>
            </goals>
            <configuration>
                <inputSpec>${project.basedir}/src/swagger/update.json</inputSpec>
                <generatorName>java</generatorName>
                <modelPackage>my.updatews</modelPackage>
                <apiPackage>my.updatews</apiPackage>
                <invokerPackage>my.updatews</invokerPackage>
                <generateApiDocumentation>false</generateApiDocumentation>
                <generateModelDocumentation>false</generateModelDocumentation>
                <generateApiTests>false</generateApiTests>
                <generateModelTests>false</generateModelTests>
                <configOptions>
                    <sourceFolder>.</sourceFolder>
                    <dateLibrary>java8</dateLibrary>
                    <useJakartaEe>true</useJakartaEe>
                </configOptions>
                <library>jersey3</library>
            </configuration>
        </execution>
    </executions>
</plugin>

This should be (largely) equivalent to:

java -jar .\openapi-generator.jar -g java --library jersey3 -i update.json

Steps to reproduce

Well, code wise:

ApiClient client = new ApiClient();
client.setApiKey(myCredentials.getApiKey());
client.setBasePath(wsBasepath);
UpdateApi api = new UpdateApi(client);
ApiResponse<Void> response = api.updateWithHttpInfo(new Value().target(theTarget).type(theType).value(theValue));

Where UpdateApi.updateWithHttpInfo is generated as:

public ApiResponse<Void> updateWithHttpInfo(Value value) throws ApiException {
  String localVarAccept = apiClient.selectHeaderAccept();
  String localVarContentType = apiClient.selectHeaderContentType("application/json");
  String[] localVarAuthNames = new String[] {"api_key"};
  return apiClient.invokeAPI("UpdateApi.update", "/update", "PUT", new ArrayList<>(), value,
                             new LinkedHashMap<>(), new LinkedHashMap<>(), new LinkedHashMap<>(), localVarAccept, localVarContentType,
                             localVarAuthNames, null, false);
}

Before 5.0.0, apiClient.invokeAPI would create the correct query https://mine.site.my/myWS/update?api_key={myKey} before invoking it. From version 5.0.0 onwards, the issue described above occurs: the queryParams are processed, before being updated.

Related issues/PRs

Don't know, I couldn't find any.

Suggest a fix

I don't even know if this is a bug, or intended, since it apparently has been like this for some time now.