
[BUG] Operation codegen always contains all scopes for oauth2 #2603

@ybelenko

Bug Report Checklist

  • Have you provided a full/minimal spec to reproduce the issue?
  • Have you validated the input using an OpenAPI validator (example)?
  • What's the version of OpenAPI Generator used?
  • Have you searched for related issues/PRs?
  • What's the actual output vs expected output?
  • [Optional] Bounty to sponsor the fix (example)
Description

I've noticed that the current codegen always includes all scopes of an oauth2 security scheme within operations.
Invalid codegen example for the updatePetWithForm operation, which requires only the write:pets and read:pets scopes but contains all existing ones:

...
    "authMethods": [
        {
            "name": "petstore_auth",
            "type": "oauth2",
            "hasMore": false,
            "isBasic": false,
            "isOAuth": true,
            "isApiKey": false,
            "isBasicBasic": false,
            "isBasicBearer": false,
            "vendorExtensions": {},
            "isKeyInQuery": false,
            "isKeyInHeader": false,
            "isKeyInCookie": false,
            "flow": "implicit",
            "authorizationUrl": "http://petstore.swagger.io/api/oauth/dialog",
            "scopes": [
                {
                    "scope": "write:pets",
                    "hasMore": "true",
                    "description": "modify pets in your account"
                },
                {
                    "scope": "read:pets",
                    "hasMore": "true",
                    "description": "read your pets"
                },
                {
                    "scope": "test:test",
                    "description": "just for tests purpose"
                }
            ],
            "isCode": false,
            "isPassword": false,
            "isApplication": false,
            "isImplicit": true
        }
    ],
...
openapi-generator version

4.0.0-SNAPSHOT

OpenAPI declaration file content or url
diff --git a/modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml b/modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml
index 8d7070b2df..62e480a1bd 100644
--- a/modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml
+++ b/modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml
@@ -1080,6 +1080,7 @@ securityDefinitions:
     scopes:
       'write:pets': modify pets in your account
       'read:pets': read your pets
+      'test:test': just for tests purpose
   api_key:
     type: apiKey
     name: api_key
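Review bot: the hunk adds 'test:test' only to the scheme-level scope map under securityDefinitions.petstore_auth and touches no operation's security requirement, so after this change no operation in the spec legitimately requires test:test; that is what makes it a clean reproduction, because any operation whose generated authMethods lists test:test is carrying the scheme's full scope list instead of its own requirement, and a generated server that enforces the listed scopes would accept a token scoped only to test:test for an operation meant to need write:pets and read:pets.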
Command line used for generation

Added -DdebugSupportingFiles to print codegen

java -XX:MaxPermSize=256M -Xmx1024M -DloggerPath=conf/log4j.properties -jar ./modules/openapi-generator-cli/target/openapi-generator-cli.jar generate -DdebugSupportingFiles -t modules/openapi-generator/src/main/resources/php-slim-server -i modules/openapi-generator/src/test/resources/2_0/petstore-with-fake-endpoints-models-for-testing.yaml -g php-slim -o samples/server/petstore/php-slim
Steps to reproduce
  1. Add the 'test:test': just for tests purpose scope to petstore_auth in securityDefinitions.
  2. Start any generator with the -DdebugSupportingFiles option.
  3. Check that all secured endpoints have the just-created scope (test:test) in the authMethods property, which is wrong because they need write:pets and read:pets only.
Suggest a fix

Include only the required scopes in the codegen of each operation, or somehow mark the required ones.
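The behaviour the suggested fix asks for, as an added Python example that is not openapi-generator's own Java code: per-operation auth metadata is built from the operation's security requirement, so the scopes list contains only what that operation names, and undeclared scopes are rejected instead of silently accepted. The spec below is a constructed cut-down petstore with the same three petstore_auth scopes as the report; the function and field names are assumptions, chosen to mirror the shape of the quoted codegen output.

```python
"""Build per-operation OAuth2 auth metadata from an OpenAPI 2.0 document.

Added example, not openapi-generator's own code. It shows the requested
behaviour: an operation's auth metadata lists only the scopes named by its
security requirement, never every scope declared on the scheme.
"""

# Constructed, minimal OpenAPI 2.0 document: three scopes are declared on the
# scheme, but updatePetWithForm requires only two of them.
SPEC = {
    "securityDefinitions": {
        "petstore_auth": {
            "type": "oauth2",
            "flow": "implicit",
            "authorizationUrl": "http://petstore.swagger.io/api/oauth/dialog",
            "scopes": {
                "write:pets": "modify pets in your account",
                "read:pets": "read your pets",
                "test:test": "just for tests purpose",
            },
        },
        "api_key": {"type": "apiKey", "name": "api_key", "in": "header"},
    },
    # Document-level default, used when an operation has no 'security' of its own.
    "security": [{"api_key": []}],
    "paths": {
        "/pet/{petId}": {
            "post": {
                "operationId": "updatePetWithForm",
                "security": [{"petstore_auth": ["write:pets", "read:pets"]}],
            },
            "get": {"operationId": "getPetById"},  # inherits document-level security
        }
    },
}


def auth_methods_for(spec, path, method):
    """Return the auth metadata an operation should carry.

    Each entry mirrors the shape of the codegen output quoted in the report
    (name, type, flow, scopes), but 'scopes' is filtered to the scopes the
    operation's security requirement actually names.
    """
    op = spec["paths"][path][method]
    # An explicit 'security: []' on the operation means "no auth", so only
    # fall back to the document-level list when the key is absent.
    requirements = op.get("security", spec.get("security", []))
    defs = spec.get("securityDefinitions", {})
    methods = []
    for requirement in requirements:
        for scheme_name, required_scopes in requirement.items():
            scheme = defs[scheme_name]
            declared = scheme.get("scopes", {})
            # A scope the scheme never declared is most likely a typo that
            # would leave the operation under-protected; fail loudly.
            unknown = [s for s in required_scopes if s not in declared]
            if unknown:
                raise ValueError(f"{op['operationId']}: undeclared scope(s) {unknown}")
            entry = {"name": scheme_name, "type": scheme["type"]}
            if scheme["type"] == "oauth2":
                entry["flow"] = scheme["flow"]
                entry["scopes"] = [
                    {"scope": s, "description": declared[s]} for s in required_scopes
                ]
            methods.append(entry)
    return methods


def required_scope_names(spec, path, method):
    """Flat list of the OAuth2 scope names an operation requires, in spec order."""
    return [
        s["scope"]
        for m in auth_methods_for(spec, path, method)
        if m["type"] == "oauth2"
        for s in m["scopes"]
    ]


def token_satisfies(granted, required):
    """OpenAPI semantics: every scope in a requirement object must be granted."""
    return set(required) <= set(granted)


if __name__ == "__main__":
    print(auth_methods_for(SPEC, "/pet/{petId}", "post"))
    print(required_scope_names(SPEC, "/pet/{petId}", "post"))
```

With this filtering, updatePetWithForm yields write:pets and read:pets only, getPetById inherits the document-level api_key requirement, and a token holding nothing but test:test fails the scope check for updatePetWithForm.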
