How to select which security to use when an operation has more than one alternative security requirements

[ayhanap]

Given an openapi spec with two security schemas and an operation with a security requirment object of those two schemas, quarkus-openapi-generator generates an AbstractCompositeAuthenticationProvider.

The problem here is AbstractCompositeAuthenticationProvider tries to filter requests with all of these security schemas but all of these security schemas are not required, only one is enough.
https://spec.openapis.org/oas/v3.1.0#security-requirement-object

How can we specify which security schema to use? For instance, I want to use basicAuth but the request filter fails because it cannot find OIDC configs. I couldn't find an answer going through this repository.

Here is a spec as an example.

With security schema definitions below.

      "OAuth2": {
        "type": "oauth2",
        "description": "OAuth2 scopes for Jira",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "https://auth.atlassian.com/authorize",
            "tokenUrl": "https://auth.atlassian.com/oauth/token",
            "scopes": {
              ....
            }
          }
        }
      },
      "basicAuth": {
        "type": "http",
        "description": "You can access this resource via basic auth.",
        "scheme": "basic"
      }
    }

And an operation with the below required security requirement object.

    "/rest/api/3/dashboard/gadgets": {
      "get": {
        "tags": [
          "Dashboards"
        ],
        "summary": "Get available gadgets",
        "description": "Gets a list of all available gadgets that can be added to all dashboards.\n\n**[Permissions](#permissions) required:** None.",
        "operationId": "getAllAvailableDashboardGadgets",
        "parameters": [],
        "responses": {
         ....}
        "deprecated": false,
        "security": [
          {
            "basicAuth": []
          },
          {
            "OAuth2": [
              "read:jira-work"
            ]
          }
        ],

[hbelmiro]

@ayhanap this seems to be a bug in the extension.
I filed an issue to track it.