Client Resquest not properly resetted when doing retries (multiple Authorization headers provided)

[lcausse]

Using quarkus-openapi-generator (open-api JSON file) and with "Bearer Token" security context ...

When executing retries (eg waiting for a "not ready" content), the AUTHORIZATION header value is provided several times by the generated REST client (one more for each retry)

Uni<String> res = clientRestService.getSomeData().onItem().transform( response->{
        switch( response.getJobStatus() ) {
            case COMPLETED:
                return "ok";
            default:
                throw new NotReadyException();
        }
    })
    .onFailure( NotReadyException.class ).retry().withBackOff(Duration.ofSeconds(3), Duration.ofSeconds(3)).atMost(5);

Comments
clientRestService is the client API generated by quarkus-openapi-generator
clientRestService is decorated with @RegisterProvider(com.xxx.api.auth.CompositeAuthenticationProvider.class) which is responsible for adding AUTHORIZATION Header

For the 1st time the AUTHORIZATION header is provided with 1 value : "token-string" => correct
At the 5th time the AUTHORIZATION header is provided with 5x values "token-string ... token-string"=> too much !

I don't know what should be done
Option 1 - the AUTHORIZATION headers should be cleaned before "adding" => my workoaround at this time (I add a filter that set the AUTH header with an empty list )
Option 2 - the Auth provider should prevent for duplicate values

[lcausse]

I also post the issue on quarkusio project #44917 and repost here following Sergey Beryozkin suggestion

[ricardozanini]

@lcausse can you please provide a reproducer? It might be a bug, and I think Option 2 is doable to fix this.

[lcausse]

I tried to create the reproducer.
https://github.com/lcausse/quarkus-openapi-generator-issue9000
This is the first time, I do this kind of job ...
I hope this is not too bad

[ricardozanini]

Thank you @lcausse!